Remember, an HTTP request is just a string.
GET / HTTP/1.1 Host: localhost Cookie: theme=light; sessionToken=abc123
True, you only need to provide your credentials once, but how does the server remember that you've logged in?
Cookies are only a part of the whole picture.
You shouldn't trust cookie values for everything.
Since client information is unreliable, we use sessions to store information on our servers.
var user = { username: 'bob', email: 'bob@example.com' }; app.get('/profile', function (req, res) { res.render('profile', user); });
const users = [ { username: 'bob', email: 'bob@example.com' }, { username: 'alice', email: 'alice@example.com' } ]; app.get('/profile', function (req, res) { var id = req.cookies.id res.render('profile', users[id]); });
Redis Tutorial
By Tony Gaskell