I am creating a web application and REST service using ExpressJS + NodeJS + MongoDB + Mongoose. My requirement is:

1) I have a simple html page as a separate project.
2) APIs as another project, developed using express + NodeJS.

I want a single authentication mechanism for both the form and the API. I don't want to use OATH, and I also want to maintain a session with that same authentication, so that I will be able to call the service using JQuery.AJAX if the user is in session.

Is there any way to do this?

Thanks in advance
Of course there is. If you hold user data and the session in a database (or at least in in-memory storage like Redis), then you can just connect to it and retrieve data from it. A session is nothing other than a simple entry in the db.

On the other hand, it is impossible if you hold session data in the app's memory, but you shouldn't do that in any case, since this effectively makes your app unscalable.

If for some reason you cannot make both apps connect to the same db/storage, then there is no other choice than a RESTful API (in the main app) which will answer the question: "am I authenticated?".
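
The shared-store approach from the answer above, as an added example that is not part of the original post: the form app writes a session entry and issues a signed cookie, and the API app verifies the signature and looks the session up in the same store. Assumptions: the function names, the secret and the `Map` (a stand-in for the Redis/MongoDB store both apps would connect to) are hypothetical, and the `s:<sid>.<mac>` layout follows the signed-cookie format used by express-session.

```javascript
const crypto = require('crypto');

// Assumption: the same secret is configured in both apps (constructed value).
const SECRET = 'constructed-shared-secret';
// Stand-in for the database or Redis instance both apps connect to.
const sharedStore = new Map();

// HMAC-SHA256 over the session id, base64 without padding.
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid)
    .digest('base64').replace(/=+$/, '');
  return `s:${sid}.${mac}`;
}

// Form app: after a successful login, store the session and return the cookie value.
function login(userId, ttlMs = 30 * 60 * 1000) {
  const sid = crypto.randomBytes(24).toString('hex');
  sharedStore.set(sid, { userId, expires: Date.now() + ttlMs });
  return sign(sid, SECRET);
}

// API app: resolve a (URL-decoded) cookie value to a session, or null.
function authenticate(cookieValue, now = Date.now()) {
  if (typeof cookieValue !== 'string' || !cookieValue.startsWith('s:')) return null;
  const dot = cookieValue.lastIndexOf('.');
  if (dot < 3) return null;
  const sid = cookieValue.slice(2, dot);

  // Recompute the signature and compare in constant time before touching the store.
  const expected = Buffer.from(sign(sid, SECRET));
  const given = Buffer.from(cookieValue);
  if (expected.length !== given.length) return null;
  if (!crypto.timingSafeEqual(expected, given)) return null;

  const session = sharedStore.get(sid);
  if (!session) return null;            // unknown or logged-out session
  if (session.expires <= now) {         // expired: remove it from the shared store
    sharedStore.delete(sid);
    return null;
  }
  return session;
}
```

For jQuery AJAX calls from the html page to carry this cookie to the API on another origin, the request needs `xhrFields: { withCredentials: true }` and the API must answer with CORS headers that allow credentials for that specific origin.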