Step 19

Another useful property of cookies is expiration time. Have you noticed that some web services require you to log in again after a certain amount of time has passed since you last logged in? The JHU authentication works this way. Sometimes I need to log in several times in a day to access my email through their webmail service (which I find annoying). Other services, like Gmail and YouTube, keep you logged in until you log out.

Update where the username cookie is set:

- res
-  .cookie("username", user.username, { signed: true })
-  .redirect(`/dashboard`);

+ res
+  .cookie("username", user.username, { signed: true, maxAge: 2000 })
+  .redirect(`/dashboard`);
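
Review bot: the options object on the added `.cookie(...)` line sets only `signed` and `maxAge`; because this cookie decides who is logged in, add `httpOnly: true` (and `secure: true` once the app is served over HTTPS) so that page script cannot read it. `maxAge: 2000` is in milliseconds, so a short comment marking it as a 2-second test value would keep it from being left in by accident.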

Save index.js. Log in using valid credentials. Wait 2 seconds and then refresh: the browser has discarded the expired cookie, so you should be redirected to the login page.

The maxAge value is in milliseconds. I will set it to 2 hours for this application:

res
  .cookie("username", user.username, { signed: true, maxAge: 7200000 })
  .redirect(`/dashboard`);
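
`maxAge` is enforced by the browser, which drops the cookie when it expires; the signature from `signed: true` covers only the value, so a copy of the cookie kept outside the browser still verifies after two hours. The following added example (not part of the original tutorial, and going one step beyond it) puts the issue time inside the signed value so the server can reject stale cookies itself. `SECRET`, `issueToken` and `verifyToken` are hypothetical names.

```javascript
// Added example: enforce cookie lifetime on the server, not only via maxAge.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: stands in for the app's cookie secret
const MAX_AGE_MS = 7200000; // 2 hours, the same value as the tutorial's maxAge

function hmac(data) {
  return crypto.createHmac("sha256", SECRET).update(data).digest("base64url");
}

// Hypothetical helper: the signed value carries its own issue time (iat).
function issueToken(username, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({ u: username, iat: now })).toString("base64url");
  return `${payload}.${hmac(payload)}`;
}

// Hypothetical helper: returns the username, or null if the token is
// malformed, forged, issued in the future, or older than MAX_AGE_MS.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const dot = token.lastIndexOf(".");
  if (dot < 1) return null;
  const payload = token.slice(0, dot);
  const given = Buffer.from(token.slice(dot + 1));
  const expected = Buffer.from(hmac(payload));
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let data;
  try {
    data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof data.u !== "string" || typeof data.iat !== "number") return null;
  const age = now - data.iat;
  if (age < 0 || age > MAX_AGE_MS) return null;
  return data.u;
}
```

In the login route this would be `res.cookie("username", issueToken(user.username), { signed: true, maxAge: MAX_AGE_MS })`, with `verifyToken(req.signedCookies.username)` on each request, assuming the app reads signed cookies through cookie-parser's `req.signedCookies`.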

There is only so much you can do with cookies. If you want more, you must store information pertaining to user login and visits on the server side (backend). The technical term often used to contrast this alternative strategy with using (Web) cookies is using (Web) "sessions".

A session can be defined as a server-side storage of information that is desired to persist throughout the user's interaction with the web site or web application.

Cookies are still used with sessions, but typically the cookie for an application contains only an identifier for a session.

We will not cover web sessions. If you are interested, here are some helpful resources: