Understanding passport serialize deserialize
In cobbling together my first Node app from an array of guides and SO posts, I have now stumbled across the serialize and deserialize passport functions...
I kind of understand their functionality.. but something doesn't seem right.
http://toon.io/understanding-passportjs-authentication-flow/:
passport.deserializeUser is invoked on every request by passport.session. It enables us to load additional user information on every request. This user object is attached to the request as req.user making it accessible in our request handling.
This means that every single request runs a db request to retrieve the user object? My app definitely does not require a db request to acquire the full user object on every single request.. in fact I cannot think of an app that would require this..
Thus, if I only register a serialize function and not a deserialize function.. is this the best practice to stop passport assigning the entire user object/mongo doc to session whilst at the same time reducing the db read count per page/api request?
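The flow quoted above, as an added example that is not part of the original post and is not Passport's own code: a simplified, synchronous model of the serialize/deserialize contract, comparing a per-request lookup with a small snapshot kept in the session. All names (`makeAuth`, `makeDb`, `lookupPerRequest`, `snapshotInSession`, `demo`) and the sample user are hypothetical and constructed for illustration.

```javascript
// Simplified model of the serializeUser/deserializeUser contract.
// Assumption: real Passport callbacks are asynchronous; this model is synchronous.
function makeAuth(serialize, deserialize) {
  return {
    // At login: only what serialize() returns is written to the session.
    login(session, user) { session.passport = { user: serialize(user) }; },
    // On each request: deserialize() turns the stored value back into req.user.
    handleRequest(session) {
      if (!session.passport) return { user: null };
      return { user: deserialize(session.passport.user) };
    },
  };
}

// Constructed sample "database" that counts reads.
function makeDb() {
  const rows = new Map([[1, { id: 1, name: 'alice', role: 'admin', passwordHash: 'x' }]]);
  return { reads: 0, rows, findById(id) { this.reads++; return rows.get(id) || null; } };
}

// Variant A: store only the id, look the user up on every request.
function lookupPerRequest(db) {
  return makeAuth(u => u.id, id => db.findById(id));
}

// Variant B: store a small snapshot, no lookup on later requests.
function snapshotInSession() {
  return makeAuth(u => ({ id: u.id, role: u.role }), snap => snap);
}

function demo() {
  const db = makeDb();
  const user = db.rows.get(1);
  const a = lookupPerRequest(db), b = snapshotInSession();
  const sa = {}, sb = {};
  a.login(sa, user); b.login(sb, user);
  db.rows.get(1).role = 'viewer';            // role is downgraded after login
  const ra = [a.handleRequest(sa), a.handleRequest(sa)];
  const readsA = db.reads;
  const rb = [b.handleRequest(sb), b.handleRequest(sb)];
  return { readsA, readsB: db.reads - readsA,
           roleA: ra[1].user.role, roleB: rb[1].user.role,
           sessionB: JSON.stringify(sb) };
}
```

Variant B saves the per-request read, but the session keeps reporting the role captured at login until the session is refreshed or destroyed, so authorization decisions made from it can lag behind the database.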