Remember, an HTTP request is just a string.
GET / HTTP/1.1
Host: localhost
Cookie: theme=light; sessionToken=abc123
True, you only need to provide your credentials once, but how does the server remember that you've logged in?
Cookies are only a part of the whole picture.
You shouldn't trust cookie values for everything.
Since client information is unreliable, we use sessions to store information on our servers.
// A single hard-coded user: every visitor to /profile sees the same data.
var user = { username: 'bob', email: 'bob@example.com' };
app.get('/profile', function (req, res) {
  res.render('profile', user);
});
const users = [
  { username: 'bob', email: 'bob@example.com' },
  { username: 'alice', email: 'alice@example.com' }
];
app.get('/profile', function (req, res) {
  // The id comes straight from the Cookie header, so the client chooses it.
  var id = req.cookies.id;
  res.render('profile', users[id]);
});
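The two approaches side by side, as an added example that is not part of the original material: one lookup trusts an id taken from the cookie, the other resolves a random sessionToken against a server-side store. It uses plain Node.js without Express; the function names (parseCookies, login, profileByCookieId, profileBySession) and the in-memory Map are assumptions made for illustration, and the sample Cookie headers are constructed.

```javascript
// Added example: function names and the in-memory store are hypothetical.
const crypto = require('crypto');

const users = [
  { username: 'bob', email: 'bob@example.com' },
  { username: 'alice', email: 'alice@example.com' }
];

// Server-side session store: random token -> index into users.
const sessions = new Map();

// Parse a raw Cookie header value ("a=1; b=2") into a plain lookup table.
function parseCookies(header) {
  const cookies = Object.create(null);
  for (const pair of (header || '').split(';')) {
    const eq = pair.indexOf('=');
    if (eq === -1) continue;
    cookies[pair.slice(0, eq).trim()] = pair.slice(eq + 1).trim();
  }
  return cookies;
}

// Called once, after the credentials have been checked.
// The token would be sent back as Set-Cookie: sessionToken=<token>.
function login(userIndex) {
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, userIndex);
  return token;
}

// Trusts the client: whatever id the cookie carries selects the user.
function profileByCookieId(cookieHeader) {
  const id = parseCookies(cookieHeader).id;
  return users[id] || null;
}

// Trusts only the server-side store: unknown tokens resolve to nothing.
function profileBySession(cookieHeader) {
  const token = parseCookies(cookieHeader).sessionToken;
  if (!sessions.has(token)) return null;
  return users[sessions.get(token)];
}

// Constructed requests: bob logs in, then three Cookie headers arrive.
const bobToken = login(0);
console.log(profileBySession('theme=light; sessionToken=' + bobToken));
console.log(profileByCookieId('theme=light; id=1'));
console.log(profileBySession('theme=light; sessionToken=abc123'));
```

The cookie-id lookup returns alice's profile to a request that never logged in, while the session lookup returns null for any token the server did not issue.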