2

I want to know the underlying concepts of cookie-session in expressjs. When ever we stores something in session for example 

req.session.myName = "Manas Tunga";

where this session data is stored ?? is it in client side session cookies or in server memory. And how does the cookie-session middleware work without having the cookie-parser middleware. How does the session cookie parsed without cookie-parser middleware ??

Does cookie-session creates a in memory session object ?? or it stores every session data only in client side session cookie. or it uses both . I am bit confused.

Alvaro
  • 40,778
  • 30
  • 164
  • 336
manas
  • 6,119
  • 10
  • 45
  • 56

1 Answers1

3

where this session data is stored ?

The data is stored in the client's cookies

How does the session cookie parsed without cookie-parser middleware ?

The cookie-session module has as dependency the cookies module which allows for getting and setting HTTP cookies

Does cookie-session creates a in memory session object ?? or it stores every session data only in client side session cookie. or it uses both.

It creates a session object which is stringified and encoded in base64 and finally stored in client side session cookie

micnic
  • 10,915
  • 5
  • 44
  • 55
  • I think this answer is incorrect. Read more here for a better idea - http://stackoverflow.com/a/12457587/4434249 - Only the session ID is stored with the cookie it seems. – noob-in-need Nov 03 '15 at 21:54
  • 2
    @noob-in-need please read: https://github.com/expressjs/cookie-session#max-cookie-size , there you'll find: "Because the entire session object is encoded and stored in a cookie, it is possible to exceed the maxium cookie size limits on different browsers". It depends on the implementation, the cookie may contain only the session id, but in this case it contains the whole session content, which is, of course, encoded. – micnic Nov 04 '15 at 09:40
  • Thanks for the reply. I assumed he was talking about a different module. – noob-in-need Nov 04 '15 at 18:51