Maintain State

In the previous section, you configured Passport to support signing in with Facebook. In this section, you'll add session support to the app in order to maintain state.

When a user signs in to the app with Facebook, they are redirected to Facebook. Facebook takes care of authenticating the user and then redirects them back to the app. For security reasons, it is important that state is maintained and validated between these two redirects.

Passport validates state automatically, but this requires the app to have session support. Install express-session and the connect-sqlite3 session store as dependencies.

$ npm install express-session
$ npm install connect-sqlite3

Open app.js and require() the additional dependencies at line 8, below require('morgan').

var logger = require('morgan');
var session = require('express-session');

var SQLiteStore = require('connect-sqlite3')(session);

Add the following code at line 28, after express.static() middleware, which will add session support to the application.

app.use(express.static(path.join(__dirname, 'public')));
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: false,
  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' })
}));

Now that the app has session support, the next step is to handle the redirect back from Facebook to the app.

Maintain State

SEARCH FOR STRATEGIES