Question

I am starting to take on a rather ambitious project (for my level of web programming experience). Suffice it to say my level of web programming is rather minimal. I understand basic HTML/CSS/JS. Rather than learning everything from the beginning, I want to do a project and learn as I go. I chose to use Node.js as I am a little familiar with JS.

So the first step in my endeavor is to make a user registration and log in system. To do this I want to do the following:

  1. Create a system for a user to register by entering an email and a password
  2. Automatically log the user in next time he accesses the site
  3. Persistent log in within a session

I am asking for any examples or tutorials regarding this for Node.js. I know I have to start from the beginning, so I really appreciate your help.

Some fundamentals I need to learn are:

  1. How a user is automatically logged in when visiting the URL. For example, when I go to gmail.com in my browser, it directly takes me to my Inbox. How was the user information passed from my computer to the server?

  2. How are usernames and passwords received and checked on the server side? Does Node provide any assistance in doing this?

I assume from these questions you understand my level of web programming and I would really appreciate some help in getting started. A good book you would recommend, tutorial, anything.

Thank you, and I hope this won't be closed as nonconstructive.

Solution

For a user authentication system, you can use passport.js.

Regarding logging in when the user comes back later, you need to use a session, and for better consistency it can even be shared session storage. Here is a good article for that.

If you have a shared session, then many services that store sessions there will be able to restore the session and authentication data.

Sessions (usually) use cookies, and they are one of the important pieces of data used to restore the session ID. At the same time, there is more to it than that (browser data, endpoint (IP)), so it is still very reliable, and stealing cookies will not allow you to get into someone's session so easily.

In order to keep a "remember me" login system, you need reliable and long-lasting sessions on the server side that expire something like 7 days after the last activity or so. It means your session should be lightweight and store only the most important data. At the same time, you can have many levels of data stored with different expiration times.
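
The registration, password check and 7-day sliding session discussed in this thread, as an added example that is not code from the question or the answer. It uses only Node's built-in `crypto` module; the function names, the in-memory `Map` stores and the cookie name `sid` are assumptions made for illustration.

```javascript
// Added example: Node.js built-ins only; every name below is hypothetical.
const crypto = require('node:crypto');

const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000; // expire 7 days after last activity
const users = new Map();    // email -> { salt, hash }  (stand-in for a database)
const sessions = new Map(); // session ID -> { email, expiresAt }  (stand-in for a shared store)

function register(email, password) {
  if (users.has(email)) return false;
  const salt = crypto.randomBytes(16);
  // Store a salted scrypt hash, never the password itself.
  users.set(email, { salt, hash: crypto.scryptSync(password, salt, 64) });
  return true;
}

function login(email, password, now = Date.now()) {
  const user = users.get(email);
  if (!user) return null;
  const candidate = crypto.scryptSync(password, user.salt, 64);
  // Compare the recomputed hash with the stored one in constant time.
  if (!crypto.timingSafeEqual(candidate, user.hash)) return null;
  const sid = crypto.randomBytes(32).toString('hex'); // unguessable session ID
  sessions.set(sid, { email, expiresAt: now + SESSION_TTL_MS });
  return sid;
}

// Set-Cookie value: the browser stores only the session ID, not the credentials.
function sessionCookie(sid) {
  return `sid=${sid}; Max-Age=${SESSION_TTL_MS / 1000}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Called on every request with the ID the browser sent back in the cookie.
function resume(sid, now = Date.now()) {
  const session = sessions.get(sid);
  if (!session) return null;
  if (now >= session.expiresAt) { // idle for longer than the TTL
    sessions.delete(sid);
    return null;
  }
  session.expiresAt = now + SESSION_TTL_MS; // sliding expiry: activity extends the session
  return session.email;
}

function logout(sid) {
  return sessions.delete(sid); // server-side removal invalidates the cookie's ID
}
```

The browser sends the `sid` cookie back on each visit, which is how a returning user is recognised without re-entering a password.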

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow