How to Use Session Variables with NodeJS?
Last Updated: 17 Mar, 2025
When building web applications with NodeJS, managing session data becomes an important task, especially for things like user authentication, shopping carts, or temporary data storage. In this article, we will explore how to use session variables in NodeJS.
What are Session Variables?
Session variables in NodeJS allow you to store data on the server side that can be accessed and modified across multiple HTTP requests. Unlike cookies, which are stored on the client side, session variables are stored on the server, in memory or (in some cases) in a database; the client holds only a cookie carrying the session ID.
Why Use Session Variables?
- User Authentication: Sessions are commonly used to store user authentication states (e.g., whether a user is logged in).
- Data Persistence: Session variables ensure that important data is available across multiple requests without requiring the user to send it back to the server every time.
- Improved User Experience: By maintaining session states, users can continue their activities on your website without interruptions.
How to Set Up Session Variables in NodeJS?
To begin using sessions in NodeJS, you need to install and configure a session middleware. The most popular one is express-session.
Step 1: Initialize the project using the following command in the terminal
npm init -y
Step 2: Install the following required modules using the terminal.
npm install express express-session cookie-parser
Using Session Variable in NodeJS
This implementation shows how to use session variables to track a view counter for a client. When a user first visits the site, a unique session is created, and a cookie is assigned to the user. On subsequent visits, the server recognizes the user via the cookie, and the view counter is updated based on the session data, allowing you to track the number of visits a user has made to the site.
JavaScript
const express = require("express");
const session = require("express-session");
const cookieParser = require("cookie-parser");

const PORT = 4000;
const app = express();

app.use(cookieParser());
app.use(session({
    // Demo value only; in production load a long random secret from the environment
    secret: "amar",
    saveUninitialized: true,
    resave: true
}));

app.get("/", (req, res) => {
    if (req.session.view) {
        // Returning visitor: increment the counter stored in the session
        req.session.view++;
        res.send("You visited this page for "
            + req.session.view + " times");
    } else {
        // First visit: initialize the counter
        req.session.view = 1;
        res.send("You have visited this page"
            + " for first time ! Welcome....");
    }
});

app.listen(PORT, () =>
    console.log(`Server running at ${PORT}`));
Run the file using the below command in the terminal.
node app.js
Output: Each time you visit the same page, the counter increases by one.
In this example
- The code imports the necessary modules: express, express-session, and cookie-parser, and sets up a server on port 4000.
- The cookieParser() middleware is used to parse cookies, and the express-session middleware is configured to handle session management.
- When the user visits the homepage (/), it checks if the session has a view variable; if it exists, it increments the count to track page visits.
- If it’s the user’s first visit, it initializes the view variable and displays a welcome message; otherwise, it shows the number of times the page has been visited.
Creating Login and Log out with session variables
- Suppose there are three links: login, logout, and profile. The user can't go to the profile directly until they have logged in. When the user logs in, the session is created, and it is destroyed on logout.
- We are creating a login/logout page. Whenever a user logs in, we put that user into the session, and the user stays in it for the lifetime of the session. When the user logs out, we destroy the session.
JavaScript
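const express = require("express");
const app = express();
const session = require("express-session");
const cookieParser = require("cookie-parser");

const PORT = 4000;

app.use(cookieParser());
app.use(session({
    // Demo value only; in production load a long random secret from the environment
    secret: "amar",
    saveUninitialized: true,
    resave: true
}));

// Sample user that is placed into the session at login
const user = {
    name: "Amar",
    Roll_number: 43,
    Address: "Pune"
};

app.get("/login", (req, res) => {
    req.session.user = user;
    req.session.save();
    return res.send("You are logged in");
});

app.get("/user", (req, res) => {
    const sessionuser = req.session.user;
    // The profile is only available to a logged-in session
    if (!sessionuser) {
        return res.status(401).send("Please log in first");
    }
    res.send(sessionuser);
});

app.get("/logout", (req, res) => {
    // Respond only after the store has removed the session
    req.session.destroy((err) => {
        if (err) {
            return res.status(500).send("Logout failed");
        }
        res.send("You are logged out");
    });
});

app.listen(PORT, () => console.log(`Server at ${PORT}`));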
Step 5: Run the file using the following command in the terminal.
node app.js
In this example
- The code sets up an Express server with session management using express-session and cookie parsing with cookie-parser.
- A sample user object containing name, Roll_number, and Address is defined.
- When the user visits the /login route, their session is initialized with the user object, and a login success message is sent.
- The /user route retrieves the user data from the session and displays it, while the /logout route destroys the session and logs the user out.
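The login, profile and logout flow described above can also be written so that the session ID changes at login and the profile route is guarded by middleware. This is an added example, not code from the original article; makeLogin, requireLogin, profile, logout and the caller-supplied authenticate function are hypothetical names, while regenerate(), destroy() and the default cookie name connect.sid come from express-session.

```javascript
// Added example. `authenticate` is a caller-supplied function (an assumption)
// that returns a user object for valid credentials and null otherwise.
function makeLogin(authenticate) {
    return (req, res) => {
        const { username, password } = req.body || {};
        const user = authenticate(username, password);
        if (!user) return res.status(401).send("Invalid credentials");
        // Issue a fresh session ID at login so an ID that existed before
        // authentication (session fixation) never becomes a logged-in one.
        req.session.regenerate((err) => {
            if (err) return res.status(500).send("Login failed");
            req.session.user = { name: user.name }; // identifier only, no secrets
            res.send("You are logged in");
        });
    };
}

// Guard middleware: the profile route is unreachable without a login.
function requireLogin(req, res, next) {
    if (req.session && req.session.user) return next();
    res.status(401).send("Please log in first");
}

function profile(req, res) {
    res.send(req.session.user);
}

function logout(req, res) {
    // Remove the server-side record, then drop the browser's cookie.
    req.session.destroy((err) => {
        if (err) return res.status(500).send("Logout failed");
        res.clearCookie("connect.sid"); // express-session's default cookie name
        res.send("You are logged out");
    });
}

// Wiring, in an app where express-session is already configured:
//   app.post("/login", express.urlencoded({ extended: false }),
//            makeLogin(authenticate));
//   app.get("/user", requireLogin, profile);
//   app.post("/logout", requireLogin, logout);
```

Login and logout are wired as POST routes here so that following a link or loading an image cannot change the session state.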
Best Practices for Using Sessions in NodeJS
- Use Secure Cookies: Always use secure cookies by setting secure: true in the session's cookie options when running in a production environment with HTTPS.
- Session Expiration: Set a reasonable expiration time for your sessions to improve security.
- Session Data Encryption: If you're storing sensitive information, ensure that session data is encrypted before being stored on the server.
- Use a Persistent Session Store: For large applications, use a persistent session store like Redis or MongoDB instead of relying on in-memory storage.
- Avoid Storing Sensitive Information: Never store sensitive information such as passwords in session variables. Always store only the necessary identifiers or tokens.
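The practices above can be checked mechanically against an express-session options object. The following is an added example, not part of the original article or of express-session: auditSessionOptions and hardenedOptions are hypothetical helpers, the 32-character secret threshold is this example's own choice, and the option names (secret, store, saveUninitialized, cookie.secure, cookie.httpOnly, cookie.maxAge) are the ones express-session accepts.

```javascript
// Added example: audits an express-session options object. The 32-character
// secret threshold and the finding texts are choices made for this example.
function auditSessionOptions(opts, { production = true } = {}) {
    const findings = [];
    const cookie = opts.cookie || {};
    const flag = (option, issue) => findings.push({ option, issue });

    const secrets = [].concat(opts.secret || []);
    if (secrets.length === 0 || secrets.some((s) => String(s).length < 32)) {
        flag("secret", "short or missing; use a long random value from the environment");
    }
    if (production && cookie.secure !== true && cookie.secure !== "auto") {
        flag("cookie.secure", "session cookie can be sent over plain HTTP");
    }
    if (cookie.httpOnly === false) {
        flag("cookie.httpOnly", "page scripts can read the session cookie");
    }
    if (cookie.maxAge == null && cookie.expires == null) {
        flag("cookie.maxAge", "no expiration time set for the session cookie");
    }
    if (production && !opts.store) {
        flag("store", "default in-memory store; use Redis, MongoDB or similar");
    }
    if (opts.saveUninitialized !== false) {
        flag("saveUninitialized", "empty sessions are stored for every visitor");
    }
    return findings;
}

// The options used in this article's examples.
const articleOptions = { secret: "amar", saveUninitialized: true, resave: true };

// A corrected set. `secret` and `store` are supplied by the caller, e.g. an
// environment variable and a Redis- or MongoDB-backed store instance.
function hardenedOptions(secret, store) {
    return {
        secret,
        store,
        resave: false,
        saveUninitialized: false,
        cookie: { secure: true, httpOnly: true, maxAge: 30 * 60 * 1000 }, // 30 minutes
    };
}

for (const f of auditSessionOptions(articleOptions)) {
    console.log(`${f.option}: ${f.issue}`);
}
```

When cookie.secure is true and the app runs behind a reverse proxy that terminates HTTPS, Express also needs app.set("trust proxy", 1); otherwise the session cookie is never set.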