I am building an app using expressjs, I want to use sessions where session data is stored in server-side and the cookie only contains the encrypted key to it. I seen a lot of examples that express does the same. But my problem is that they seem to use express.session where as Express docs doesn't specify any such middleware right now. It has cookieSession and I am not very sure as to what kind of sessions it provides.
I tried to search for the same, but could not find any suitable information, so this question. Please help me out. If it only cookie-based encryption and holds all the data in the cookie only. Than I just wanted to know is it safe enough to be used. I know it can't be tempered and all. But still I get a feeling that the best option is the one I mentioned above.
If it the same as express session than I have one more question as to which session data-store should I use? I want it to be fast and also reliable(it doesn't get deleted). Basically my choice is between connect-redis and connect-mongo. Please help me out.
I have found the answer why its not available in express docs because it comes from connect and its the same as connect. Regarding the better option, I think its better option to store the data in server-side, though some might argue that its better to store client side for scalability...but you cant compromise security for scalability.