1
votes

I am implementing a web application in NodeJS in which a user is required to log in before visiting each page.

I implemented the user authentication with the Passport module. According to the Passport guide page, I have created the serializeUser and deserializeUser user functions in the Passport configuration, in order to use session tracking.

In the deserializeUser function, I get the stored info from the cookie, passed in to the first parameter of the function, and search in the user table in the database to retrieve the user details and pass it to the done function.

However, I see that in every request the deserialized function is called and queries the database to retrieve the user details and pass them to the done function.

My question is whether this constant querying of the database (in matters of performance and logic) to get the user object is correct practice, or whether I have understood and implemented something wrong. Possibly doing something not really required?

1
Yup, it is indeed the correct usual practice. If you don't want to query the database you could store the users in memory. But I wouldn't worry too much. - laggingreflex
@laggingreflex Thank you for your answer. I have also thought about the memory saving of users. But I had my doubts concerning whether this is the correct practice to follow. Thanks again - mitsos1os

1 Answer

2
votes

That's correct behaviour, yes: deserializeUser() will fire with each request, and if that entails loading data from your database, then that is what will happen. Ordinarily this simply won't be a concern as the load will be so quick, but if there are issues with it, chances are you have wider database / network problems in your app anyway.

(There's nothing to stop you caching data if needs be).
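The caching option mentioned in the answer and comments, as an added example that is not part of the original posts: a short-TTL cache wrapped around a Passport-style `(id, done)` deserializer, with explicit invalidation so a role change or disabled account is not served from a stale entry. `makeCachedDeserializer`, `loadUser`, the `disabled` field and the sample user are assumptions made for illustration.

```javascript
// Added example: TTL cache around a Passport-style deserializeUser callback.
// loadUser(id, cb) stands in for the real database query (hypothetical name).
function makeCachedDeserializer(loadUser, { ttlMs = 30000, maxEntries = 1000, now = Date.now } = {}) {
  const cache = new Map(); // key -> { user, expires }

  function deserialize(id, done) {
    const key = String(id);
    const hit = cache.get(key);
    if (hit && hit.expires > now()) return done(null, hit.user);
    cache.delete(key); // expired or absent

    loadUser(id, (err, user) => {
      if (err) return done(err);
      // Unknown or disabled account (assumed `disabled` column): never cache it,
      // and hand Passport `false` so the session stops authenticating.
      if (!user || user.disabled) return done(null, false);
      if (cache.size >= maxEntries) cache.delete(cache.keys().next().value); // evict oldest
      cache.set(key, { user, expires: now() + ttlMs });
      done(null, user);
    });
  }

  // Call on password change, role change, account disable or logout so a
  // stale identity is not served for the rest of the TTL.
  deserialize.invalidate = (id) => cache.delete(String(id));
  return deserialize;
}

// Constructed sample data and a fake "database" that counts its queries.
function demo() {
  const users = { 7: { id: 7, name: 'alice', role: 'admin', disabled: false } };
  let queries = 0;
  let clock = 0; // injected clock so expiry is deterministic
  const loadUser = (id, cb) => { queries++; cb(null, users[id] ? { ...users[id] } : null); };
  const deserialize = makeCachedDeserializer(loadUser, { ttlMs: 1000, now: () => clock });
  const seen = [];
  const record = (err, user) => seen.push(user ? user.role : user);

  deserialize(7, record);     // miss: queries the database
  deserialize(7, record);     // hit: served from cache
  users[7].role = 'viewer';   // privilege change in the database
  deserialize(7, record);     // cache still answers with the old role
  deserialize.invalidate(7);
  deserialize(7, record);     // fresh lookup after invalidation
  users[7].disabled = true;
  clock = 2000;               // TTL has expired
  deserialize(7, record);     // reloaded, found disabled, session rejected
  return { queries, seen };
}
// Wiring it in: passport.deserializeUser(makeCachedDeserializer(loadUser));
```

The third call in `demo()` shows the trade-off: until the entry expires or is invalidated, authorization decisions are made on the cached copy, so the TTL should be no longer than the delay you can tolerate for a revocation to take effect.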