Learn how to secure a simple Node.js and Express app by adding user authentication with Passport.js and Auth0.
Brought to you by @dan-auth0
Node.js is both a platform and a topic that I love. Let me know how you like this blog post, what questions you may have, and/or what other topics related to Node you'd like to read. I am here for you!
Nice tutorial. I like seeing the non-JWT side of things. I have a question about sessions though.
I read that Express sessions basically set a cookie with the ID of the session, and then for each subsequent request, the Express middleware you set up will perform a session lookup to attach the session data to the req object, and that's how the subsequent middleware like your app routes will have access to the logged in user. Since I didn't see you connect anything like Redis or any database to the session middleware, I'm guessing it's storing it in memory.
What do you do when you've got an app that is horizontally scaled? Perhaps it's deployed to Heroku, AWS Lambda, or a Kubernetes cluster with pod autoscaling enabled, and once traffic scales up, there will be more than one process that your visitors hit. Can you override the session middleware to store session values in something that each process can access, like Redis?
Edit:
Found the answer after more digging. The readme for the session middleware itself talks about implementing custom session stores and lists popular libraries that are already capable of storing sessions in things like Redis, PostgreSQL, MongoDB, and even the cloud databases like AWS DynamoDB and Google Cloud Firestore. Neat. (GitHub - expressjs/session: Simple session middleware for Express)
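The point raised in the post above (the default store is per-process memory, so a scaled-out app needs a store every process can reach), as an added example that is not part of the original thread or the tutorial's code. `SharedStore`, `lookup`, `demo` and the sample IDs are hypothetical, and a `Map` stands in for Redis.

```javascript
// Added example, not from the thread. SharedStore is hypothetical; a real store
// extends `Store` from express-session. `backend` is a Map standing in for Redis.
class SharedStore {
  constructor(backend, ttlMs) {
    this.backend = backend;
    this.ttlMs = ttlMs;
  }
  get(sid, cb) {
    const entry = this.backend.get(sid);
    if (!entry) return cb(null, null); // unknown ID: no session
    if (entry.expires <= Date.now()) { // expire server-side, not only in the cookie
      this.backend.delete(sid);
      return cb(null, null);
    }
    cb(null, JSON.parse(entry.data));
  }
  set(sid, sess, cb) {
    const expires = Date.now() + this.ttlMs;
    this.backend.set(sid, { data: JSON.stringify(sess), expires });
    cb(null);
  }
  destroy(sid, cb) {
    this.backend.delete(sid);
    cb(null);
  }
}

// Read a session synchronously (the Map-backed callbacks fire immediately).
function lookup(store, sid) {
  let found = null;
  store.get(sid, (err, sess) => { found = sess; });
  return found;
}

// Two app instances: log in on A, read on B, log out on B, replay the cookie on A.
function demo(backendA, backendB) {
  const a = new SharedStore(backendA, 60000);
  const b = new SharedStore(backendB, 60000);
  const sid = 'constructed-session-id';
  a.set(sid, { passport: { user: 'constructed-user-id' } }, () => {});
  const seenByB = lookup(b, sid);
  b.destroy(sid, () => {});
  const replayOnA = lookup(a, sid);
  return { seenByB, replayOnA };
}

const shared = new Map();
console.log('per-process stores:', demo(new Map(), new Map()));
console.log('shared store:', demo(shared, shared));
```

With separate backends the second instance cannot see the login, and a logout handled by one instance leaves the session usable on the other. With a shared backend the login is visible everywhere and the logout invalidates the session for every instance.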
Great tutorial!
I followed all the steps on the blog but there is an error saying passport.initialize is not a middleware,
and I see some changes in the code on GitHub in the ENV part that solve the issue
@johndavemanuel you need to install passport
npm install passport
Hi @aparralorenzo,
Welcome to the Auth0 Community Forum!
Thanks for helping out on this.
@johndavemanuel Did this solve your problem?
In the future please create a new topic for your problem with a link to the blog/doc. This helps us answer your questions more quickly!
Thanks,
Dan
Hi, thanks for the tutorial but I'm not having much success with it.
Even if I git clone the project, npm install and create the relevant .env file, I always end up in a redirect loop when trying to signup/login, irrespective of login type (happens on email/pw too).
It just pingpongs between
and
http://localhost:3000/callback?state=blah
This is with Node 10.x latest on Windows 10. Is that config known to work? Any other info I can provide to help debug?
Thanks
Conor
Hey there @conor!
Thanks for reporting that and providing that context. I'm sure that @dan-auth0 who is the article author will look into it soon and help you troubleshoot that!
I am on it. I'll double check the content again. I don't have access to Windows but I'll reproduce the blog post using Linux as you may be able to use the Linux Subsystem in Windows which can give us a common ground.
Thank you for your time reading this post!
Thanks Dan. I tried it on OSX today with the same result.
I am going to rework some of the post. There are some areas of it that make it difficult to know where to enter new code. Give me till the end of the week and I'll have it ready. It's working for me but it was a bit confusing
Appreciate it Dan thanks! So should I ignore the github repo for the moment?
Please do. I was trying the "multi-folder" approach with that repo… haha and I think it's way too confusing. I'll be using branches instead
I got the review of the first part done yesterday (code is the same) and I'll work auditing/restructuring the second part today
I haven't forgotten about you. I ended up optimizing some of the content of the first part. I will be working on the second time tomorrow. Thank you again for reading our content
Thanks again Dan. I'll give it a try when you're done with the second half.
Thanks a lot for letting us know Conor! Stay tuned!
Conor, thank you for your patience. It took longer than expected but here it is:
I rewrote both parts. They are now more independent of each other and I also hope this part is now easier to follow along. Let me know what you think, please
The rewrite of Part 1 should be going live next week.
That's exactly what I needed Dan. Worked perfectly. Thanks again!
Wooohooo! Perfect to hear that @conor!
Thanks for the tutorial! I'm getting an error "ReferenceError: Cannot access 'session' before initialization" at the line app.use(expressSession(session)); and not sure where I went wrong.