What's difference with express-session and cookie-session?
I am new with Express. As Express 4.x has removed bundled middlewares.
Any middleware I want to use should be required. When I read the README with express-session and cookie-session on github, I feel it hard to understand the difference.
So I try to write simple code to figure it out. I run twice for each middleware.
var express = require('express')
, cookieParser = require('cookie-parser')
, session = require('cookie-session')
, express_sess = require('express-session')
, app = express();
app.use(cookieParser())
app.use(session({ keys: ['abc'], name: 'user' }));
//app.use(express_sess({ secret: 'abc', key: 'user'}));
app.get('/', function (req, res, next) {
res.end(JSON.stringify(req.cookies));
console.log(req.session)
console.log(req.cookies)
});
app.listen(3000);
For cookie-session, I always get {} in my terminal.
For express-session, I get things like this.
req.session: { cookie: {
path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true
}
}
req.cookie: {user: 's:aJ97vKA5CCwxqdTj0AV1siRQ.fWusS5+qfCKICtwkfrzcZ/Gq8P0Qdx/kx8mTBhoOhGU'}
It really confuses me. So how to explain the result with the basic use? And what's the difference between them? When should I use them?
Answer
Basically, express-session is more abstract, it supports different session stores (like files, DB, cache and whatnot).
And cookie-session is a simple / lightweight cookie-based (cookie is the only storage engine supported: all the session info is stored on the client, in a cookie) session implementation. This kind of sessions is probably most famous for its Rails implementation.