This Node.js app shows both session-based and token-based login and profile routes. You can test login and then access profile routes to see how each method works.
import express from 'express';
import session from 'express-session';
import jwt from 'jsonwebtoken';
const app = express();
app.use(express.json());
// Session setup
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
cookie: { secure: false }
}));
// Session-based login
app.post('/session-login', (req, res) => {
req.session.user = { id: '42', name: 'Alice' };
res.send('Logged in with session');
});
// Session-based protected route
app.get('/session-profile', (req, res) => {
if (req.session.user) {
res.send(`Hello ${req.session.user.name}, this is your session profile.`);
} else {
res.status(401).send('Not logged in');
}
});
// Token-based login
app.post('/token-login', (req, res) => {
const token = jwt.sign({ id: '42', name: 'Alice' }, 'secret', { expiresIn: '1h' });
res.json({ token });
});
// Token-based protected route
app.get('/token-profile', (req, res) => {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1];
if (!token) return res.status(401).send('No token provided');
jwt.verify(token, 'secret', (err, user) => {
if (err) return res.status(403).send('Invalid token');
res.send(`Hello ${user.name}, this is your token profile.`);
});
});
app.listen(3000, () => console.log('Server running on http://localhost:3000'));