I'm creating josi, a web framework for node.js. And I'd like to add session storage. What would be the best way to implement this? I'm assuming it probably has to be cookie based, but I'm interested in knowing if any other frameworks have a different approach.
I had a look at josi a few days ago. Very nice work!
Other than cookie based, you could use infamous session tokens (e.g. JSESSIONID
, PHPSESSID
and ASPSESSIONID
) and put them in hidden forms or the URL query string.
Cookies are really the best option. They work perfectly for the job.
You always need to reference the server session somehow, cookies are the de-facto standard for this sort of stuff.
How the session is stored on the server side is usually up to you... I really like PHP's approach with session_start();
which does all the session storage and cookies setting for you.
PHP for example stores the session data in a file, making it cross-platform (all platform's have disk storage APIs). Other session mechanisms use a relational-database like MySQL, but that's not really cross-platform unless you want to target those type of users.