Do i need to install express-session every time I use passport nodejs?

Question

Do i need to install express-session every time I use passport nodejs?

I was following a tutorial on using Oauth (Google) with Passport.js and Nodejs, The Net Ninja one

And He didn't mention express-session and it worked for him

When I tried it it gave me the Error:

Login sessions require session support. Did you forget to use `express-session` middleware?

And When I installed express-session, and did something like this

var session = require('express-session');

app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: false,
  cookie: { secure: true }
}));

... It worked Fine!

So, did I have to use express-session, and should I do every time I use passport oauth?

Answer 1

A web application needs the ability to identify users as they browse from page to page. This series of requests and responses, each associated with the same user, is known as a session.

https://www.passportjs.org/concepts/authentication/sessions/

Sessions allow you to keep the user authenticated across multiple requests. Without sessions, each request would be treated as a new request, and the user would have to authenticate themselves again and again.

When you use express-session, Passport stores the authenticated user's information in a session cookie. This allows you to keep the user authenticated across multiple requests.

But, you can disable session support in Passport: Passport js authentification without sessions.

Once you have disabled session support, you will need to store the auth information in a different way. One way to do this is to use JSON Web Tokens (JWTs). JWTs are a way of storing user information in a token that can be passed between the client and the server. JWTs are stateless, so they don't require sessions.

Have a look: https://www.passportjs.org/packages/passport-jwt/