1. Session Management & Authentication with Node
Kianosh Pourian
twitter: @kianoshp
blog: innovatorylife.com
Thursday, January 17, 13
2. Purpose
• To be able to authenticate users through:
• login and password
• third party validation
• twitter
• facebook
• linkedin
• github
• Manage sessions
3. Options
• EveryAuth
• Passport
• Custom made
• connect-auth
5. Pitfalls
• req.flash - https://github.com/visionmedia/express/wiki/Migrating-from-2.x-to-3.x
• connect-flash
• DB for session management
• Redis - http://stackoverflow.com/questions/12947965/nodejs-passport-js-redis-how-to-store-sessions-in-redis?lq=1
• MongoDB
6. Pitfalls (continued)
• Order of configuration
• The order in which you pass middleware to app.use determines the order in which each middleware is given the opportunity to process a request.
• Place app.use(...static) at the top so that requests for static files are not parsed and authenticated through Passport.
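Added example (not from the original slides): a dependency-free sketch of the ordering pitfall above, using a hypothetical connect-style dispatcher in place of Express and Passport. The names createApp, buildApp and compare, and the sample session and file, are constructed for illustration.

```javascript
function createApp() {
  const stack = [];
  return {
    use(fn) { stack.push(fn); return this; },
    handle(req) {
      const res = { status: null, body: null };
      let i = 0;
      // Middleware run strictly in registration order, as with app.use.
      const next = () => { const fn = stack[i++]; if (fn) fn(req, res, next); };
      next();
      if (res.status === null) res.status = 404;
      return res;
    },
  };
}

const PUBLIC_FILES = new Map([['/css/site.css', 'body{}']]); // constructed asset
const SESSIONS = new Map([['abc123', { user: 'alice' }]]);   // constructed session store

function buildApp(staticFirst) {
  const stats = { sessionLookups: 0 };
  const serveStatic = (req, res, next) => {
    if (!PUBLIC_FILES.has(req.url)) return next();
    res.status = 200; res.body = PUBLIC_FILES.get(req.url);
  };
  const session = (req, res, next) => {
    stats.sessionLookups++; // stands in for a Redis/MongoDB round trip
    req.session = SESSIONS.get(req.sid) || null;
    next();
  };
  const requireLogin = (req, res, next) => { if (req.session) next(); else res.status = 401; };
  const routes = (req, res) => {
    if (req.url === '/account') { res.status = 200; res.body = 'hi ' + req.session.user; }
  };
  const app = createApp();
  if (staticFirst) app.use(serveStatic);
  app.use(session).use(requireLogin);
  if (!staticFirst) app.use(serveStatic);
  app.use(routes);
  return { app, stats };
}

function compare() {
  const run = (staticFirst) => {
    const { app, stats } = buildApp(staticFirst);
    const asset = app.handle({ url: '/css/site.css' }).status;          // anonymous request
    const page = app.handle({ url: '/account', sid: 'abc123' }).status; // logged-in request
    return { asset, page, lookups: stats.sessionLookups };
  };
  return { staticFirst: run(true), staticLast: run(false) };
}
```

With static first, the anonymous stylesheet request returns 200 with no session lookup; with static last it costs a store lookup and is rejected with 401. Anything under the static root is served without authentication, so keep only public assets there.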