I am actually working with express-session and I have a question : Is node.js, or more particulary express-session sateless or stateful ?
In fact, when we need to use session with node, we use the req.session.foo, it means that we use the request to get the session.
So, is there anything stored on the server (sateful) ? In this case, why cant we access the value with a "global variable" like in php ?
In the other case, it means that we have a stateless server, and is the sessionID value correspond to the token key ?
Can you help me understanding this middleware a bit more ?
Thanks for advance
is there anything stored on the server
Yes, that is how sessions work
why cant we access the value with a "global variable" like in php
Because a global in a Node based HTTP server is global for the server and not the the request. You'd have sessions overwriting each other.
Sessions are about storing information about a specific client inside the server, so you can't talk about a strictly "stateless server" anymore.
The "global variables" in PHP are also per-request.
Note that PHP code is invoked once per request, while Node code keeps running and serves multiple requests, so you need to explicitly take a specific request's session.
I assume what you are looking for is a method of storing some state about the current user without having to use a server-connected storage mechanism (Redis, MySQL, whatever).
This is exactly what cookie-session does. It stores state on the client in the form of a cookie, but also stores an HMAC signature to verify that the client has not altered the information. This allows the client to hold it's own state, but also ensures that the information the client hands you can be trusted.
Instead of a session storage provider you will need a secret key (or keys) that will be used to sign the session cookies.
Also, I recommend looking at the source code as some of the documentation is a little out of date.