WebFund 2013W: Sessions
In this tutorial we'll examine a simple Express demo that lets you set a session by "logging in". Note that there is NO SECURITY in this example. We will cover that later!
First, download and look at demo-session-auth. After running "npm install" in the directory, you should be able to run "node app.js".
(If you need to get node running on Windows computers where you don't have admin access, see the last tutorial.)
You'll notice this app allows you to log in, and once you are logged in you stay logged in until you log out. Your login state is stored in a cookie managed by Express. Specifically, notice how this code makes use of the session functionality of Connect.
To test your understanding, modify this application so that when you log in, you get a list of logged-in users. Each user has associated personal information that can be updated by just that user. Specifically, implement the following:
- /: Login screen if you aren't logged in
- /: List of logged in users, if logged in
- /info: information on the logged in user in editable fields (name, address, email, invisible)
- /update: update personal information (POST for /info form)
Logout should take you back to the login screen or a custom "you've logged out, click here to login again" screen.
How hard is it to keep per-user information separate?
Good luck!
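One way to keep per-user information separate, as an added sketch that is not part of demo-session-auth: every record is keyed by the name stored in the session, never by a field the form submits. The handler names, the `req.session.username` key and the in-memory `profiles` and `online` stores are assumptions made for this example.

```javascript
// Added example: Express-style (req, res) handlers with in-memory stores.
const profiles = new Map();            // username -> profile record
const online = new Set();              // usernames currently logged in
const EDITABLE = ['name', 'address', 'email', 'invisible'];

function login(req, res) {
  const username = String(req.body.username || '').trim();
  if (!username) return res.redirect('/');
  req.session.username = username;     // assumed session key
  online.add(username);
  if (!profiles.has(username)) {
    profiles.set(username, { name: '', address: '', email: '', invisible: false });
  }
  res.redirect('/');
}

// Returns the session's user, or redirects to the login screen and returns null.
function currentUser(req, res) {
  const username = req.session && req.session.username;
  if (!username || !profiles.has(username)) { res.redirect('/'); return null; }
  return username;
}

function info(req, res) {
  const username = currentUser(req, res);
  if (username) res.render('info', { username, profile: profiles.get(username) });
}

function update(req, res) {
  const username = currentUser(req, res);  // identity comes from the session only
  if (!username) return;
  const profile = profiles.get(username);
  for (const field of EDITABLE) {          // fields outside the list are ignored
    // An unchecked HTML checkbox is simply absent from the POST body.
    if (field === 'invisible') profile.invisible = req.body.invisible === 'on';
    else if (typeof req.body[field] === 'string') profile[field] = req.body[field];
  }
  res.redirect('/info');
}

function logout(req, res) {
  online.delete(req.session.username);
  req.session.username = null;
  res.redirect('/');
}

function visibleUsers() {
  return [...online].filter((u) => !profiles.get(u).invisible);
}
```

These would be mounted with `app.post('/update', update)` and so on; a `username` field in the POST body to `/update` has no effect on whose record changes.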