What are some ways to verify authorization without adding burden to the database?

While working with Node.js, I've been considering storing a session id in the session variable to verify user authorization for each page request by checking against the database. However, this approach seems inefficient as it involves a database call every time. Storing data in cookies or session variables allows avoiding the database call, but poses a risk of tampering.

I'm curious to know how other web developers address this issue and handle user authentication efficiently. Any insights or best practices would be greatly appreciated!

Answer №1

Ensuring a secure server-side session with an encrypted session cookie while using HTTPS is crucial for data protection. By storing a value in the server-side session to indicate user authentication status, you can easily verify this information when needed. This approach is commonly used across many websites.

The express-session NPM module offers convenient tools for managing sessions with a compatible session store.

If you have concerns about the security of this method, feel free to share them for further discussion and analysis.

For additional insights on securing Node.js servers, consider reading this article, which includes tips on safeguarding session cookies: "9 Security Tips to Keep Express from Getting Pwned".
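
The approach described in this answer, as an added example (not code from the answer and not express-session's own code): the cookie carries only a random session ID plus an HMAC signature, so a tampered cookie is rejected before any lookup, and the login state lives in a server-side store rather than the database. The `sessions` Map, `SECRET`, the cookie name `sid` and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the secret is loaded from configuration, not generated per process.
const SECRET = crypto.randomBytes(32);
const SESSION_TTL_MS = 30 * 60 * 1000;
const sessions = new Map(); // in-memory store standing in for Redis or another session store

function sign(sid) {
  return crypto.createHmac('sha256', SECRET).update(sid).digest('hex');
}

// Called once at login, after the credentials were checked against the database.
function createSession(userId, now = Date.now()) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { userId, expires: now + SESSION_TTL_MS });
  return `${sid}.${sign(sid)}`; // value placed in the cookie
}

// Called on every request: returns the session or null. No database call.
function verifySession(cookieValue, now = Date.now()) {
  if (typeof cookieValue !== 'string') return null;
  const dot = cookieValue.lastIndexOf('.');
  if (dot <= 0) return null;
  const sid = cookieValue.slice(0, dot);
  const given = Buffer.from(cookieValue.slice(dot + 1));
  const expected = Buffer.from(sign(sid));
  // Constant-time compare; check length first because timingSafeEqual throws on a mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const session = sessions.get(sid);
  if (!session) return null;
  if (session.expires <= now) { sessions.delete(sid); return null; }
  return session;
}

// Cookie attributes that keep the value away from page scripts and plain HTTP.
function setCookieHeader(cookieValue) {
  const maxAge = SESSION_TTL_MS / 1000;
  return `sid=${cookieValue}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${maxAge}`;
}
```

Logging out or revoking access is a single `sessions.delete(sid)`, which is the advantage of keeping state server-side instead of trusting data stored in the cookie itself.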
