Session-Based Authentication - Explanation + Full Node.js Tutorial

  • Published: 5 Feb 2025
  • In this video we're gonna learn what session-based authentication is and also build a complete example using Node.js with express, express-session and the ejs template engine.
    We're gonna learn login and logout functionalities, protect routes using middleware, send logged user details to views and more.
    REST API Authentication and Authorization - Explanation + Full Node.js Tutorial:
    • REST API Authenticatio...
    Github repo:
    github.com/man...

Comments • 21

  • @aneeshbakshi7200 5 months ago +3

    I now consider your videos a must watch for my learning. You're a legend.

    • @manfraio 5 months ago

      Thank you my friend🤜🏻🤛🏻

  • @dannny6019 5 months ago +1

    Been looking for a video like this. All the ones I’ve seen are a little advanced and they already have the code written which I hate. This was perfect 👍🏾 easy and simple and covers the basics.

  • @mladenkaorlic 1 month ago

    15:57 express-session in action

  • @blank_bow 5 months ago

    great one again. I also consider your videos a must watch for my learning. just because of less views please don't stop to create content.

    • @manfraio 5 months ago

      Thank you for the comment my friend🤜🏻🤛🏻

  • @keshavakumar9828 5 months ago +1

    Such quality videos from your channel. Thank you

  • @seifeldinqutuz 5 months ago +1

    Excellent and enjoyable explanation as always. I hope you continue with this wonderful lesson. I have a question that I hope you can answer: How can I prevent a user from logging in to the same account from different devices, or how can I control login sessions?
    I searched and found two methods to do this, but they are impractical.
    The first method: Upon user login, I save the refresh token in the database, and upon logout, I delete the refresh token from the database. The problem with this method is that if the user deletes the refresh token from the browser, they won’t be able to log in again because, from the backend's perspective, the user is still logged in.
    The second method: I use a unique code for each device, and the only way to do this is by using a library like express-useragent, user-agents, ua-parser-js, or useragent. However, these libraries have many issues, including the possibility that two different users might end up with identical codes.
    Is there a solution to this problem? I hope you can make a video about this topic and how to control the number of user sessions.

    • @manfraio 5 months ago +1

      Thank you my friend.
      Are you using JWT? Or sessions?

    • @seifeldinqutuz 5 months ago +1

      @manfraio I use JWT

    • @manfraio 5 months ago +1

      Unfortunately there is no correct way to do this, since JWT is meant to be stateless.
      I would recommend you use the first method, storing the token on the DB, but on the backend login route, in addition to checking if there is a token on the DB, also check if the token is expired. If so, proceed with the normal user login, otherwise the user would have to wait for the token to expire to log in again.
      Or instead of checking if the token is expired, you could also save an expiration date on the DB in addition to the token and check that.
      This is a hybrid approach, using JWT and session.
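
The hybrid JWT-plus-server-state check discussed in this thread, as an added example that is not code from the video, its repo or any commenter. The class and method names, the in-memory Map standing in for the database, and the "replace" policy are assumptions; the example records the token's `jti` claim rather than the whole token and goes beyond the reply by also checking the record on every request.

```javascript
// Added example: one active login per user, tracked server-side next to a JWT.
// The Map stands in for the database table; all names here are hypothetical.
class SingleSessionStore {
  constructor() {
    this.active = new Map(); // userId -> { jti, expiresAt }
  }

  // Login route: refuse while an unexpired record exists (the reply's approach).
  // policy "replace" instead revokes the old record so the newest login wins.
  login(userId, jti, expiresAt, now = Date.now(), policy = "reject") {
    const current = this.active.get(userId);
    if (current && current.expiresAt > now && policy === "reject") {
      return { ok: false, retryAfterMs: current.expiresAt - now };
    }
    this.active.set(userId, { jti, expiresAt });
    return { ok: true };
  }

  // Per-request check, after the JWT signature and exp have been verified:
  // the token's jti must still be the one recorded for this user.
  isActive(userId, jti, now = Date.now()) {
    const current = this.active.get(userId);
    return Boolean(current) && current.jti === jti && current.expiresAt > now;
  }

  // Logout route: delete only if the caller holds the recorded session.
  logout(userId, jti) {
    const current = this.active.get(userId);
    if (!current || current.jti !== jti) return false;
    return this.active.delete(userId);
  }
}

// Constructed walk-through with a fixed clock (milliseconds).
function demo() {
  const store = new SingleSessionStore();
  const t0 = 1_000_000;
  const ttl = 15 * 60 * 1000;
  const results = [];
  results.push(store.login("alice", "jti-laptop", t0 + ttl, t0).ok); // first device
  results.push(store.login("alice", "jti-phone", t0 + ttl + 1, t0 + 1).ok); // blocked
  results.push(store.login("alice", "jti-phone", t0 + 2 * ttl, t0 + ttl).ok); // expired
  results.push(store.isActive("alice", "jti-laptop", t0 + ttl)); // stale token
  results.push(store.login("alice", "jti-tablet", t0 + 3 * ttl, t0 + ttl + 5, "replace").ok);
  results.push(store.isActive("alice", "jti-phone", t0 + ttl + 5)); // revoked by replace
  return results;
}
```

With the "reject" policy a user who loses the token is locked out until `expiresAt`, which is the problem raised in the question; "replace" avoids the lockout by invalidating the older device instead.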

  • @gregscolumn 3 months ago

    Great video once again, one question, when performing a user registration we can use bcrypt to save the password and compare when the user wants to login right?

    • @manfraio 3 months ago +2

      Yes you should definitely use bcrypt to store the password on the database.

  • @danieljsadananda2163 5 months ago

    U r a gem dude. No doubt in that. Plz tell me which authentication is better, authentication with jwt or this one. Actually I am implementing Matrimony MERN STACK application. So I want suggestions

    • @manfraio 5 months ago +2

      Thank you. Since you are using React on the frontend I suggest you use JWT authentication.
      Sessions I prefer to use when rendering web pages (views) from the server.

    • @danieljsadananda2163 5 months ago +1

      @manfraio Thank you.
      I will use jwt as u said. Plz do more tutorials like this

    • @danieljsadananda2163 3 months ago

      @manfraio Hi, for storing of user profile photos, what is best approach u suggest me in MERN STACK APPLICATION

  • @snacksports8188 4 months ago

    sir do you have a PC or a laptop? Please share its specifications, and if you have both, kindly share the specs of both

    • @manfraio 4 months ago

      I have a mac pro with apple chip and a HP laptop with windows. Mac with 1T and 24gb of RAM and HP with 1T and 16gb RAM.

    • @snacksports8188 4 months ago

      @manfraio I heard that most programmers use Linux.

    • @manfraio 4 months ago

      Yes, since I was developing for iOS, I use Mac for a long time. I just got used to it.