How to avoid storing user session in database?

jasminindia · December 3, 2020, 2:02pm

Hi,

Current ExpressOIDC implementation require session to be stored in memory or some database(mongo). i don’t want to use database as it headache to manage database to store user session. is it good idea not have database?

is there any implementation where once authenticated from Okta , it generate Cookie and that can be used for subsequent call?

i am also using JWT Tokenizer. based on Cookie would i able to get JWT token?

Example i used:

github.com

okta/samples-nodejs-express-4/blob/master/common/sample-web-server.js#L41

      
        
              issuer: sampleConfig.oidc.issuer,
              client_id: sampleConfig.oidc.clientId,
              client_secret: sampleConfig.oidc.clientSecret,
              appBaseUrl: sampleConfig.oidc.appBaseUrl,
              scope: sampleConfig.oidc.scope,
              testing: sampleConfig.oidc.testing
            }, extraOidcOptions || {}));
            
            
const app = express();
            
            
app.use(session({
              secret: 'this-should-be-very-random',
              resave: true,
              saveUninitialized: false
            }));
            
            
// Provide the configuration to the view layer because we show it on the homepage
            const displayConfig = Object.assign(
              {},
              sampleConfig.oidc,
              {

app.use(session({
secret: ‘this-should-be-very-random’,
resave: true,
saveUninitialized: false
}));
const oidc = new ExpressOIDC(Object.assign({
issuer: sampleConfig.oidc.issuer,
client_id: sampleConfig.oidc.clientId,
client_secret: sampleConfig.oidc.clientSecret,
appBaseUrl: sampleConfig.oidc.appBaseUrl,
scope: sampleConfig.oidc.scope,
testing: sampleConfig.oidc.testing
}, extraOidcOptions || {}));