Both intermediaries use client-side cookies to support the user context, i.e. the session. The difference is as follows:
- What is stored in cookies and
- Do I need a server store
The table below compares the cookieSession middleware and the session wrt session middleware :
+----------------+-----------------------+----------------------+ | | Client-side store | Server-side store | | | (cookie) | (in-memory, db ..) | +----------------+-----------------------+----------------------+ | Middleware | Used? | Content | Used? | Content | +----------------+--------+--------------+-------+--------------+ | session | Yes | Session ID | Yes | Session data | +----------------+--------+--------------+-------+--------------+ | cookie-session | Yes | Session data | No | N/A | +----------------+--------+--------------+-------+--------------+
cookieSession middleware is simpler because it does not require any additional server storage, as the server remains completely stateless. Session middleware requires server storage. An obvious limitation of the default session storage in memory is that it does not work when there are multiple server instances; in such cases, alternative storage (such as a database) will be required, which makes it relatively complex. In general, although session middleware is more commonly used because it is more flexible (for storing sensitive data or large payloads, etc.).
Brij May 20 '16 at 6:55 2016-05-20 06:55
source share