Could I use cookie-session instead of express-session?

jason.tsai · July 30, 2019, 5:05am

Sorry I am new to this,

I am trying to understand and follow the great post for Passport.js with Auth0.

I am wondering if I can use cookie-session package instead of express-session.
My environment is aws application load balancer + 3 instances.

My understand is that express-session is needed to store security key since JWT does not need to store any other data.

I am wondering if I can use cookie-session instead to avoid storing anything on the backend or database.

I tried to use it but our app won’t work without turning on sticky session in ALB.
I tried to set state: false, but then the JWT token I got returned from the server is very short and no data.

Thank you,
Jay

dan.woda · July 30, 2019, 11:08pm

Hi @jason.tsai,

I did a quick search and found this (I couldn’t link to the specific part of the page, so you may need to scroll a bit):

But if you look at Use cookies securely you’ll see how to setup a secure session. I think this should do it, but I would go through and make sure, as I only did some cursory research.

Hope this helps,
Dan

dan.woda · August 14, 2019, 11:08pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create a Simple and Secure Node Express App Blog Discussions node , passport , nodejs , express , node-auth0	71	14082	June 14, 2023
Help needed with Stateless sessions and token based NodeJs QuickStart guide Help jwt , quickstart , express , getting-started	1	4166	January 8, 2020
Reading Auth0 Session Cookie in Express Help auth0 , session , express , cookie , nextjs	3	5732	April 27, 2021
appSession token comes to server instead of jwt token Help node-auth0 , sdks-quickstarts	0	1541	January 25, 2023
Confused about RBAC authorization in node.js web-apps Help nodejs , authorization	3	4346	February 8, 2020

Could I use cookie-session instead of express-session?

Related Topics