Managing Sessions in NodeJS? [closed]

Tag: node.js Author: sky11882 Date: 2010-09-01

What is the best way to manage session variables in Node.js? Is there any library?

Best Answer

You can do that very easily using:

Other option is to use frameworks:

  • Express.js:

    It seems to be the most used node.js framework. Is like Sinatra for Ruby and runs on top of connect.

  • Geddy:

    If you want to do more complex WebApps, Geddy is the one you choose. Is like Rails for Ruby.


What does geddy offer on top of / over express? - Same difference as Sinatra and Rails?
@Michael geddy vs express
I think you should mention that Express is built on top of Connect -- any features or addons that are compatible with Connect will work with Express.
For statelessness, see

Other Answer1

Just offload it to memcache or some other caching mechanism. I wouldn't burden your servers with this sort of thing. What is the point of a super lean web server that has to remember stuff.

I would also try and develop your site as an application and not a website, or treat your website as an application, use the wonderful features of html5 such as local storage/local databases and cut down on the amount of traffic between server and client machines.

If all else fails (or site is small) then what's stopping you write your own session class. Not that difficult. Especially if its an in memory type thing. Put some timer logic to time out sessions and there you go. Damn in a dynamic language such as JavaScript, should be a cinch.

Structure should be a dictionary with key being session and value being an object containing details of last communication and capabilities (to enable access to certain features). Add a sweep function to clear out old sessions that have timed out. and bingo. A basic session service. a basic check on "is session key in list...yes/no...get details"...and I think thats it....or is there some feature that I am missing.

I personally would avoid any third party tool out there for as long as possible. Sands of time shift very quickly and you can always depend on code developed by yourself.


Well in my experience, every time you add a new third party tool, you tie yourself into that third party for the life expectancy of the product your developing. This is bad, the lack of control and understanding of someones idea of good code which has been black boxed is very hard to deal with when something goes wrong (it always does) in the aforementioned black box. You will find many disclaimers attached to third party licence agreements, "use at own risk" is one that I see often. Sands of time do shift quickly and just because someone says that the code is 1.0 doesn't mean jack any more.
If you can program the code yourself and most importantly understand the code, and the code can be developed in a reasonable amount of time, why would you use a third party tool? And I trust all the code I write far more than some third party. I am an engineer not an artist, I build code that sometimes breaks but never collapses. There are no excuses for code that has not been tested. With such tools as integration testing, unit testing, regression testing what excuse do you use to say that your code hasn't been tested? Have more faith in your talents. Your as good as any third party.
There are so many holes in your argument I don't even know where to start. 1) Why use a third party tool: to save time and energy. 2) Open Source != no brand. Express/Connect are made by teams, and their work has been vetted by a large community. They are not "some kid." 3) Reinventing wheels costs time. Maybe your time is free, most people's isn't. 4) You will never know every screw, bolt, and clip. All modern software is built on frameworks, there is simply too much for any one person to know every bit. I honestly don't believe that you can be a professional developer with these opinions.
Frameworks are not "silver bullets". When you program against a Framework, your allowing someone else to take control of the big decisions about the code for you. Surely you can see that? these big decisions once made are very hard to retrace upon, if the Framework is too encompassing then it will make all the major decisions for you. Using Frameworks also obfuscate the actual programming away. Define your interpretation of a Framework, there is more than one type of Framework. Some Frameworks are so integrated to the programming language then I would call these Programming systems.
I never personally insulted you, I said your argument had holes and then I lined them out. You != Your Argument. When I said I honestly don't believe that you can be a professional developer with these opinions, I meant the general "you", not you specifically. Your opinions on frameworks ignore the fact that all modern software uses them. I stand by my position, and this isn't going anywhere. I agree with the accepted answer, that using Express/Connect is the right way to go. Hence my defense of Express.

Other Answer2

nodejs provides a basic http API. http is stateless, and ideas of sessions and session variables exist in framework/protocols build on top of http.

Take a look at or as examples of web frameworks built with node that provide sessions.


Thansk, will look into express.

Other Answer3

Donald's answer is good - once you get into the onion pattern of connect middleware you have to make a decision on what type of session store to use. The default one in express is a MemoryStore, and is not intended for production use. Here are some of your choices:

Mongo - Be sure to use the option 'native_parser:false'

Redis - Very good, but if you aren't already using redis for pub/sub or storage it might not be ideal.

Note, there are other choices - it depends on your project. Look for something you can introduce leveraging your existing technology stack.


I want to focus on the "The default one in express is a MemorySrote, and is not intended for production use". Go to… and read point 7.
That's interesting, so how would you manage user permissions if not by maintaining sessions?

Other Answer4

If you are looking for serious web development using Node.js, use Express framework; it supports sessions.

Create the Express project with the --sessions options.

$ express --sessions

To install Express:

$ npm install express -g