• Web

Session Middleware Example

From the class:  Session Cookies

In an effort to make things more clear in this class, we called these methods directly inside of our application function to parse the cookie, get the session, and then to set it again right before we end the response. But in most application frameworks, it's not going to be done this way. Instead the functionality required to parse cookies and to deal with session would be implemented in something called middleware. I want to show you a couple examples of that, and then we'll implement it ourselves in Node.js.

I'll include a video in the appendix of this class that will walk you through connect middleware, which is the middleware stack that we're going to use. But in general, middleware allows us to attach functions to an array of functions that we'll get called, as an HTTP request is being processed by our application. It's a nice way to package up functionality, so that we can add functions from other people very easily.

It's a very common paradigm in web application frameworks. For example, here's a Rails application. And if I type in Rails middleware, I'll get a list of all the middleware functions that have been added for this application. These are the ones that are added by default.

if you look in the middle, two that have to do with sessions cookie. So use action dispatch-- this is what's going to parse and deal with cookies. And then there's another one here called session. And you can see that by default, it's using this cookie store, like we did in this example. So this is an example of a Rails application using cookies in session.

And here's an example of an Express app. So Express is Node.js based MVC framework, similar to rails. But it works a little bit differently. I notice here we explicitly say which middlewares we want to use by calling the use method. Now, Express uses the connect middleware stack, which is the same one we're going to use in the rest of this video. And you call the use method and pass it the middleware function.

So notice the cookie parser gets passed by calling this method here. And there's no session, middleware. It's added in Express. It looks like we would have to add that ourselves. But at the very least, out of the box, you get the cookie parser. Now, I suspect if you look at a bunch of other MVC frameworks, whether it be in Java or Python or whatever other language or framework that you're comfortable with, you would see cookies and sessions implemented as some kind of HTTP middleware.

All right. Back in my project folder, I'm going to install connect. That's the middleware package we're going to use. So I'll say npm install, connect. And I'll use the Save option. That will save it into the package JSON file. That way when you clone this project, you can just type npm install. And all the dependencies required to run this will be installed for you automatically.

Then back in the project, I'm going to create a folder called live. That's where we can put these different modules that we're about to create. And then in the library modules, I'm going to require a connect. That's the package that we just added.

First thing I need to do is to create a new application, which I can do by calling the connect method. And then I can call app.use, and pass functions that take request, response, and the next function to pass to the next level of middleware. So watch that connect middleware video in the appendix if you're confused by what this is doing.

Right now, our goal is to take out all these different individual functions and leave the application to just this simple switch statement, even getting rid of the session part. We want that all to be abstracted, so that our application can just work directly with the session. And if it wants, it can call reset session and methods like that. But we want this to be done in middleware.

So let's pull out these functions. We'll use a little bit of knowledge here from Node.js, which I'll include again in the-- not a prerequisite, but a class that you can watch if you want to learn more about how modules work in Node.js, but very similar to Ruby or any other language that uses modules. We're going to export using this module exports.

And we can export a function that just takes some options. And what it needs to do is return a function that will be used as middleware. And a middleware function just has to provide a request or take a request, response, and a next method. And that next method allows us to pass control to the next piece of middleware.

And then so we get proper debug information in stack traces. I like to name the functions so that they're not anonymous. So I'll call the cookies. And we'll just follow this pattern for all of these different library files that we created. So just replace cookies with logging, and same thing for session.

Next up, we can start extracting out this functionality into their respective middleware files that we just created in the lib directory. For instance, I can take this log function and I'll cut it to the clipboard and move it over to logging and paste it in, so we have it as a reference. Move this to the top. And I can take most of this right inside of here and cut and paste it into the middle or function. Just make sure at the end, you call the next method, because that will pass control to the next middleware function in the list.

Then back in the server, I can get rid of that logging function completely, and just call the use method of the app. And inside of that, I'll just require the new library file I just created. So it's in the lib folder, logging. I don't even need to use js. I can just say logging like this. And then call that function with whatever options I want. So this will be a common pattern you'll see in Node.js applications, where you pass some options to the middleware function.

And I'll do the same thing for the other two pieces of middleware that I'm going to create. And that'll let me get rid of all of these functions down here, and even get rid of the functionality in the application that's not directly related to the app. So get rid of log, parse cookie, get session. And even set session, I can get rid of. I'm going to move all of that into their middleware.

All right. I went ahead and finished that work off camera, because it took a little bit of time. But you can hopefully see that this is a lot more cleaned up now. And we're requiring these modules as middleware functions, and then I just moved the main function into another middleware of its own. And now instead of having all the cookie in session logic right inside of the application, it's been extracted away. So we don't have to worry about it as much.

So if you want to see how all of that works, you can go and take a look at these individual files from the repository that comes with the class. But even if you don't understand the implementations, that's OK. I just wanted to point out that with most web frameworks out there today, this kind of stuff is going to be implemented as middleware. And so that's where you should go look for it, if you're wondering where it all exists.

So now that you have a firmer grasp on sessions, we're going to be building all kinds of things on top of session. It's going to enable tons of use cases around authentication and also around systems that involve knowing who a user uniquely is. So I hope that this class gave you a better sense of what they are and how they are implemented using a HTTP cookies.