# Sessions We'll need to... 1. Install `express-session` middleware 2. Setup the session module In order to save whether the user is logged in or not, we'll need to create a persistent session for each user. Each session will associate data with a user, and each user will be mapped to their data via a value stored in a cookie. Instead of directly altering the session, we'll use a third-party module called Passport to do it for us. ## Install express-session ``` npm i express-session ``` ## Setup the session module **server.js** ```javascript // at the very top, require express-session const session = require('express-session'); /* * setup the session with the following: * * secret: A string used to "sign" the session ID cookie, which makes it unique * from application to application. We'll hide this in the environment * * resave: Save the session even if it wasn't modified. We'll set this to false * * saveUninitialized: If a session is new, but hasn't been changed, save it. * We'll set this to true. */ app.use(session({ secret: process.env.SESSION_SECRET, resave: false, saveUninitialized: true })); ``` **.env** ``` SESSION_SECRET=uiohjknjuhbuttslouihknj ``` ## Session finished To verify that this session works, we'll start setting up Passport and login functionality in the next section. There are no tests associated with the sessions right now. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://romebell.gitbook.io/sei-802/node-express/express-authentication/auth-in-practice/04sessions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.