I have a question - I found a few answers floating around here. Basically, I want to have a node.js server application serving up json documents for requests. All templating will happen client side Some of the requests will require authentication but most will not. I'd like to eliminate the need for framework (express) session management wherever possible (as recommended by linked-in) to improve performance so I thought of a couple solutions for authentication.
1) Write custom authentication that persists the session as a document and checks it wherever a request is made to the node.js server that needs authentication. Keep all user info in html5 storage or cookies for the dom to use for templating. + Works - Have to write custom security to avoid session management in express/node.
2) Have 2 node.js instances. One serves everything in the public domain. One is for secure requests only. Still keep all user info in the session. + Simple as we can push session management onto the framework for requests that require authentication - Has 2 node instances. May have some bad DRY.
Is the second option reasonable? Or is there another option I'm missing. Option 1 is my fallback as I'd rather not do all of the custom coding when it's already built into express.
EDIT:
To leave one possibility on here, I think I can use multiple callbacks on a resource request to allow an interceptor type pattern for validating user in session. This answers the first question.
From the express documentation: Several callbacks may also be passed, useful for re-using middleware that load resources, perform validations, etc. app.get('/user/:id', user.load, function(){ // ... })