102

What is the best way to manage session variables in Node.js? Is there any library?

Yves M.
  • 29,855
  • 23
  • 108
  • 144
Timmy
  • 12,468
  • 20
  • 77
  • 107

5 Answers5

94

You can do that very easily using:

Other option is to use frameworks:

  • Express.js: http://expressjs.com/

    It seems to be the most used node.js framework. Is like Sinatra for Ruby and runs on top of connect.

  • Geddy: http://geddyjs.org/

    If you want to do more complex WebApps, Geddy is the one you choose. Is like Rails for Ruby.

Community
  • 1
  • 1
donald
  • 23,587
  • 42
  • 142
  • 223
  • What does geddy offer on top of / over express? - Same difference as Sinatra and Rails? – Michael Jun 10 '11 at 09:22
  • 1
    @Michael [geddy vs express](http://stackoverflow.com/questions/5683916/node-js-express-vs-getty/5683938#5683938) – Raynos Jun 20 '11 at 06:00
  • 4
    I think you should mention that Express is built on top of Connect -- any features or addons that are compatible with Connect will work with Express. – Jonathan Dumaine Sep 13 '11 at 08:41
  • For statelessness, see http://stackoverflow.com/questions/17982607/nodejs-framework-for-stateless-sessions?noredirect=1#comment26294530_17982607 – Robert Christian Aug 04 '13 at 18:59
14

Just offload it to memcache or some other caching mechanism. I wouldn't burden your servers with this sort of thing. What is the point of a super lean web server that has to remember stuff.

I would also try and develop your site as an application and not a website, or treat your website as an application, use the wonderful features of html5 such as local storage/local databases and cut down on the amount of traffic between server and client machines.

If all else fails (or site is small) then what's stopping you write your own session class. Not that difficult. Especially if its an in memory type thing. Put some timer logic to time out sessions and there you go. Damn in a dynamic language such as JavaScript, should be a cinch.

Structure should be a dictionary with key being session and value being an object containing details of last communication and capabilities (to enable access to certain features). Add a sweep function to clear out old sessions that have timed out. and bingo. A basic session service. a basic check on "is session key in list...yes/no...get details"...and I think thats it....or is there some feature that I am missing.

I personally would avoid any third party tool out there for as long as possible. Sands of time shift very quickly and you can always depend on code developed by yourself.

WeNeedAnswers
  • 4,620
  • 2
  • 32
  • 47
  • 1
    Your last comment is not true for several reasons. If you get code from a popular framework, it has probably gone through enough testing to vet it; your code is only as good as the testing you yourself can perform. If you don't update the framework, the sands never shift. If you do update, your own code has a higher chance of breaking than third party code, which could have been updated along-side the server code. Your own code has to be manually updated. So, in basically every scenario, popular third party code is a better option. "Don't Reinvent the Wheel" is a popular saying for a reason. – Kyeotic Jun 03 '12 at 18:34
  • This isn't really relevant to nearly all node modules, as they are open source. – Kyeotic Jun 04 '12 at 03:45
  • 10
    There are so many holes in your argument I don't even know where to start. 1) Why use a third party tool: to save time and energy. 2) Open Source != no brand. Express/Connect are made by teams, and their work has been vetted by a large community. They are not "some kid." 3) Reinventing wheels costs time. Maybe your time is free, most people's isn't. 4) You will never know every screw, bolt, and clip. All modern software is built on frameworks, there is simply too much for any one person to know every bit. I honestly don't believe that you can be a professional developer with these opinions. – Kyeotic Jun 04 '12 at 04:17
  • 5
    I never personally insulted you, I said your argument had holes and then I lined them out. You != Your Argument. When I said I honestly don't believe that you can be a professional developer with these opinions, I meant the general "you", not you specifically. Your opinions on frameworks ignore the fact that all modern software uses them. I stand by my position, and this isn't going anywhere. I agree with the accepted answer, that using Express/Connect is the right way to go. Hence my defense of Express. – Kyeotic Jun 04 '12 at 20:28
  • 2
    You seem to be taking right past my position of "frameworks are necessary", and arguing that "frameworks are bad." Please understand, I don't disagree with any of your problems with frameworks, but they are still necessary. Nobody develops software without the use of SOME frameworks. It is simply not possible to build modern software with 100% self-developed code. – Kyeotic Jun 04 '12 at 20:30
  • 1
    What kind of apps do you build? Developing in c# is almost impossible: webforms, MVC, winforms, WPF/Silverlight, all are frameworks. Have you never used them? I see c# in your questions a lot, so I am assuming you must have. If all you ever make is libraries, fine, frameworks aren't necessary; However, most professional developers make larger software, like applications. I'm sorry, but I don't see how someone who uses c# regularly can claim they don't use frameworks unless they don't make applications. Good luck though, this is a little past pointless. – Kyeotic Jun 05 '12 at 16:02
  • 1
    Weird... WeNeedAnswers if you don't trusts opensource, frameworks and third party tools, maybe you should not use node.js at all... actually you should't use javascript either.. – levhita Dec 12 '12 at 18:13
  • 1
    Too many people rely too much on frameworks ESPECIALLY in JavaScript/Node.js. One of the most valid points made here in a roundabout way by WeNeedAnswers is about the massive gold rush by 3rd party devs to be the "it" framework on any new technology, and they end up wedging their extra layer of abstraction between the programmer and the core technology. Ex: Almost every interview I have with potential front-end "developers" comes to a screeching halt when I ask the "developer" to do something simple in JavaScript without jQuery. That is TOTALLY unacceptable and it's making the industry lazy. – L0j1k May 08 '13 at 11:26
  • 1
    Equally important here is the point about offloading important design/implementation decisions to some group of developers that you have no control over, when you choose to use a third party framework or library. At the end of the day, when your application grinds to a halt because of some issue with the framework/library pops up, YOU the programmer are responsible for your work. If it's a problem in Express, your client/boss/coworker won't be calling the Express dev team at 3am to fix it. I'm not saying don't use Bootstrap, jQuery, or Express. I'm saying don't be a weenie. – L0j1k May 08 '13 at 11:36
  • @WeNeedAnswers How can node.js access memory (memcache)? – Luke Dec 16 '13 at 23:24
13

nodejs provides a basic http API. http is stateless, and ideas of sessions and session variables exist in framework/protocols build on top of http. http://en.wikipedia.org/wiki/Session_%28computer_science%29

Take a look at http://geddyjs.org/ or http://expressjs.com/ as examples of web frameworks built with node that provide sessions.

Mark Bolusmjak
  • 23,606
  • 10
  • 74
  • 129
6

Donald's answer is good - once you get into the onion pattern of connect middleware you have to make a decision on what type of session store to use. The default one in express is a MemoryStore, and is not intended for production use. Here are some of your choices:

Mongo https://github.com/mikkel/express-session-mongo - Be sure to use the option 'native_parser:false'

Redis https://github.com/visionmedia/connect-redis - Very good, but if you aren't already using redis for pub/sub or storage it might not be ideal.

Note, there are other choices - it depends on your project. Look for something you can introduce leveraging your existing technology stack.

martyn
  • 131
  • 1
  • 3
  • 3
    I want to focus on the "The default one in express is a MemorySrote, and is not intended for production use". Go to http://engineering.linkedin.com/nodejs/blazing-fast-nodejs-10-performance-tips-linkedin-mobile and read point 7. – guiomie Apr 30 '12 at 01:13
  • 4
    That's interesting, so how would you manage user permissions if not by maintaining sessions? – Costa Michailidis Dec 28 '12 at 16:00
2

If you are looking for serious web development using Node.js, use Express framework; it supports sessions.

Create the Express project with the --sessions options.

$ express --sessions

To install Express:

$ npm install express -g
Hage Yaapa
  • 521
  • 3
  • 4