
Could I use cookie-session instead of express-session?

Sorry I am new to this,

I am trying to understand and follow the great post for Passport.js with Auth0.

I am wondering if I can use cookie-session package instead of express-session.
My environment is AWS Application Load Balancer + 3 instances.

My understanding is that express-session is needed to store a security key since JWT does not need to store any other data.

I am wondering if I can use cookie-session instead to avoid storing anything on the backend or database.

I tried to use it but our app won’t work without turning on sticky session in ALB.
I tried to set state: false, but then the JWT token I got returned from the server is very short and has no data.

Thank you,
Jay

Hi @jason.tsai,

I did a quick search and found this (I couldn’t link to the specific part of the page, so you may need to scroll a bit):

https://expressjs.com/en/advanced/best-practice-security.html

But if you look at “Use cookies securely” you’ll see how to set up a secure session. I think this should do it, but I would go through and make sure, as I only did some cursory research.

Hope this helps,
Dan
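
The setup asked about in this thread, session data kept in a signed cookie so that any of the load-balanced instances can read it without a server-side store, sketched as an added example that is not part of the original posts and is not cookie-session's own code. The function names, the cookie name `sid` and the key strings are hypothetical, and it assumes every instance loads the same key list.

```javascript
// Added illustration: a stateless, signed session cookie using only Node's crypto.
// Same idea as a cookie-based session (data in the cookie, HMAC from shared keys).
const crypto = require('crypto');

// HMAC-SHA256 over the encoded payload, URL-safe so it fits in a cookie value.
function sign(payload, key) {
  return crypto.createHmac('sha256', key).update(payload).digest('base64url');
}

// Build the cookie value and Set-Cookie header; keys[0] is the current signing key.
function issueCookie(session, keys, maxAgeSeconds = 3600) {
  const body = { ...session, exp: Math.floor(Date.now() / 1000) + maxAgeSeconds };
  const payload = Buffer.from(JSON.stringify(body)).toString('base64url');
  const value = `${payload}.${sign(payload, keys[0])}`;
  // Secure and HttpOnly keep the cookie off plain HTTP and away from page scripts.
  const header = `sid=${value}; Path=/; Max-Age=${maxAgeSeconds}; Secure; HttpOnly; SameSite=Lax`;
  return { value, header };
}

// Verify on any instance: returns the session, or null if tampered with or expired.
function readCookie(value, keys) {
  const [payload, sig] = String(value).split('.');
  if (!payload || !sig) return null;
  const given = Buffer.from(sig);
  const valid = keys.some((key) => {          // older keys still verify during rotation
    const expected = Buffer.from(sign(payload, key));
    return expected.length === given.length && crypto.timingSafeEqual(expected, given);
  });
  if (!valid) return null;
  try {
    const body = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    return body.exp > Math.floor(Date.now() / 1000) ? body : null;
  } catch { return null; }
}

// Constructed sample: one instance issues the cookie, another verifies it.
const sharedKeys = ['constructed-key-2', 'constructed-key-1'];
const issued = issueCookie({ user: 'constructed-user-id' }, sharedKeys);
console.log(readCookie(issued.value, sharedKeys));             // instance with shared keys
console.log(readCookie(issued.value, ['unrelated-key']));      // instance with a different key
```

The payload here is signed, not encrypted, so the browser can read whatever is stored in it; keep secrets out of the session object.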
