
Session-based authentication in NestJS

Introduction

Session-based authentication keeps users logged in by storing their login state on the server and giving the browser only a session identifier in a cookie. It ensures that only authenticated users can reach the protected parts of your app.

You want users to stay logged in while they browse your site.
You need to protect pages so only logged-in users can see them.
You want to store user info safely on the server, not in the browser.
You want to easily log users out by clearing their session.
You want to track user activity during their visit.
Syntax
NestJS
import { Module } from '@nestjs/common';
import * as cookieParser from 'cookie-parser';
import * as session from 'express-session';

// express-session's SessionData has no `user` field; declare it once so that
// `req.session.user` type-checks in the controllers below
declare module 'express-session' {
  interface SessionData {
    user?: { id: number; name: string };
  }
}

@Module({
  // Session middleware is registered in bootstrap(), not here
})
export class AppModule {}

// In main.ts or bootstrap():
/*
app.use(cookieParser());
app.use(session({
  secret: 'your-secret-key', // long random value, loaded from configuration
  resave: false,             // don't rewrite unchanged sessions to the store
  saveUninitialized: false,  // no cookie until something is stored in the session
}));
*/

// In your controller
import { Controller, Get, Req, Res } from '@nestjs/common';
import { Request, Response } from 'express';

@Controller()
export class AuthController {
  @Get('login')
  login(@Req() req: Request, @Res() res: Response) {
    req.session.user = { id: 1, name: 'Alice' }; // kept server-side; only the session ID reaches the browser
    res.send('Logged in');                       // with @Res() injected, the handler must send the response itself
  }

  @Get('profile')
  profile(@Req() req: Request) {
    if (req.session.user) {
      return req.session.user;
    }
    return 'Not logged in';
  }
}

Configure cookie-parser and express-session middleware in the NestJS bootstrap() function.

Store user info in req.session to keep it across requests.

Examples
Saves user info in the session after login.
NestJS
req.session.user = { id: 1, name: 'Alice' };
Checks if a user is logged in by looking for session data.
NestJS
if (req.session.user) {
  // user is logged in
}
Logs out the user by clearing their session.
NestJS
req.session.destroy(() => {
  // session cleared, user logged out
});
Sample Program

This simple NestJS app uses session-based authentication. When you visit /login, it saves user info in the session. Visiting /profile shows the user info if logged in. Visiting /logout clears the session.

NestJS
import { Module, Controller, Get, Req, Res } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import * as cookieParser from 'cookie-parser';
import * as session from 'express-session';
import { Request, Response } from 'express';

// Let TypeScript know what we store in the session
declare module 'express-session' {
  interface SessionData {
    user?: { id: number; name: string };
  }
}

@Controller()
class AuthController {
  @Get('login')
  login(@Req() req: Request, @Res() res: Response) {
    req.session.user = { id: 1, name: 'Alice' }; // stored on the server under the session ID
    res.send('Logged in');
  }

  @Get('profile')
  profile(@Req() req: Request) {
    if (req.session.user) {
      return req.session.user;
    }
    return 'Not logged in';
  }

  @Get('logout')
  logout(@Req() req: Request, @Res() res: Response) {
    // destroy() removes the server-side record, so the old cookie no longer maps to anything
    req.session.destroy((err) => {
      if (err) {
        return res.status(500).send('Error logging out');
      }
      res.send('Logged out');
    });
  }
}

@Module({
  controllers: [AuthController],
})
class AppModule {}

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.use(cookieParser()); // optional: express-session parses its own cookie since 1.5.0
  app.use(session({
    secret: 'my-secret-key', // placeholder only; use a long random value from configuration
    resave: false,
    saveUninitialized: false,
  }));
  await app.listen(3000);
}
bootstrap();
Important Notes

Sessions store data on the server, so a user cannot edit their own login info from the browser; the cookie carries only a session ID.

Always use a strong, random secret key: express-session uses it to sign the session ID cookie, so a weak or guessable secret lets forged cookies pass as valid sessions.

Session data is temporary and usually expires after some time or when the user logs out.
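To make the notes above concrete, here is an added example (not NestJS or express-session code, and all class and function names are hypothetical) that models what express-session does behind req.session: user data lives in a server-side map keyed by a random session ID, the browser only ever holds that ID inside an HMAC-signed cookie, login issues a fresh ID, logout deletes the server-side record, and sessions expire after a fixed lifetime. The clock is injectable so expiry can be exercised without waiting.

```typescript
// Added example (not NestJS or express-session code): a minimal server-side
// session store with HMAC-signed session-ID cookies, modelled on what
// express-session does under the hood. Names here are hypothetical.
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';

export interface SessionData {
  user?: { id: number; name: string }; // what the page stores as req.session.user
  expiresAt: number;                   // absolute expiry, ms since epoch
}

export class SessionStore {
  private readonly sessions = new Map<string, SessionData>(); // server-side data, keyed by ID

  constructor(
    private readonly secret: string,                 // plays the role of express-session's `secret`
    private readonly ttlMs: number = 30 * 60 * 1000, // session lifetime
    private readonly now: () => number = Date.now,   // injectable clock so expiry is testable
  ) {
    if (secret.length < 32) throw new Error('session secret must be at least 32 characters');
  }

  /** Start a new session and return the signed cookie value the browser would hold. */
  create(user?: SessionData['user']): string {
    const id = randomBytes(24).toString('base64url'); // 192 bits of entropy, not guessable
    this.sessions.set(id, { user, expiresAt: this.now() + this.ttlMs });
    return this.sign(id);
  }

  /** Look up the session behind a cookie; null if unsigned, tampered, unknown or expired. */
  get(cookieValue: string): SessionData | null {
    const id = this.verify(cookieValue);
    if (id === null) return null;
    const session = this.sessions.get(id);
    if (!session) return null;
    if (session.expiresAt <= this.now()) {
      this.sessions.delete(id); // lazily drop expired sessions on lookup
      return null;
    }
    return session;
  }

  /** Log in: drop whatever session the browser had and issue a fresh ID (like req.session.regenerate). */
  login(oldCookie: string | undefined, user: NonNullable<SessionData['user']>): string {
    if (oldCookie !== undefined) this.destroy(oldCookie);
    return this.create(user);
  }

  /** Log out: delete the server-side record so the cookie stops mapping to anything (like req.session.destroy). */
  destroy(cookieValue: string): boolean {
    const id = this.verify(cookieValue);
    return id !== null && this.sessions.delete(id);
  }

  // Cookie format "s:<id>.<hmac>": the browser sees only an ID, never the user data.
  private sign(id: string): string {
    return `s:${id}.${this.mac(id)}`;
  }

  private verify(value: string): string | null {
    if (!value.startsWith('s:')) return null;
    const dot = value.lastIndexOf('.');
    if (dot < 0) return null;
    const id = value.slice(2, dot);
    const given = Buffer.from(value.slice(dot + 1));
    const expected = Buffer.from(this.mac(id));
    // constant-time compare so the signature cannot be recovered byte by byte
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    return id;
  }

  private mac(id: string): string {
    return createHmac('sha256', this.secret).update(id).digest('base64url');
  }
}

/** The check behind a protected route such as /profile: whose session is this cookie? */
export function currentUser(store: SessionStore, cookieValue: string | undefined) {
  if (cookieValue === undefined) return null;
  return store.get(cookieValue)?.user ?? null;
}
```

In a real NestJS app you do not write this yourself: `secret` and `cookie.maxAge` in the express-session options cover the signing and the lifetime, `req.session.regenerate()` gives a fresh ID at login, and `req.session.destroy()` is the logout shown on this page. The example is only there to show why a tampered cookie, an expired session, or a destroyed session all resolve to "not logged in".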

Summary

Session-based authentication keeps user info on the server to track login status.

Configure express-session in NestJS to manage sessions.

Store and check user info in req.session to control access.