As a follow-up on Avoid storing cookies for visits to public pages, I use NodeJS and Express. I would like to use cookies only for the logged-in pages, not store cookies on the user's browser for public pages, and use flash messages in notifications for users who log in and also for public page visitors, e.g. when a page is no longer available before redirecting to another.
My first attempt with express-session and express-flash saves a simple cookie in the browser called connect.sid with the session ID and also a document in the store with an empty flash field:
    > db.sessions.find().pretty()
    {
        "_id" : "DObp-FFNJGLD5c5kLKWfkCaEhfWHtWpo",
        "expires" : ISODate("2022-03-03T19:41:29.807Z"),
        "session" : {
            "cookie" : {
                "originalMaxAge" : 7776000000,
                "expires" : ISODate("2022-03-03T19:41:29.807Z"),
                "secure" : null,
                "httpOnly" : true,
                "domain" : null,
                "path" : "/",
                "sameSite" : null
            },
            "flash" : {
            }
        }
    }
Is it possible in NodeJS to use sessions for logged-in users and flash messages server-side only?