FAQ: Sessions in Express - Accessing Session Data

This community-built FAQ covers the “Accessing Session Data” exercise from the lesson “Sessions in Express”.

Paths and Courses
This exercise can be found in the following Codecademy content:

(Beta) User Authentication & Authorization in Express

FAQs on the exercise Accessing Session Data

After adding the “authenticated” property to the req.session object and assigning it the value of “true”,
it is still read as “undefined” within the “ensureAuthentication” function, resulting in the rendered JSON of:
{"msg":"You're not authorized to view this page"}

Credentials used:
sam
codec@demy10

UPDATE: Upon further investigation, I have discovered and resolved the issue (for Chrome on Windows OS).

Issue: The browser was throwing the following error in the console:

Cross-Origin Read Blocking (CORB) blocked cross-origin response <URL> with MIME type application/json. See <URL> for more details.

Fix: Open the Run program (Windows + R) and paste/type in the following command:

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

This will open a Chrome browser with certain security features disabled, including the one causing the security issue mentioned above.
Log in to Codecademy through that browser and the exercise should work perfectly.

1 Like

In the exercise, it looks like we’re passing the ejs file “shop” and the object req.session.user with the app.render call, but wouldn’t that be insecure? req.session.user contains the user’s password; won’t this get sent to the client after calling app.render?
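
On the question above about passing req.session.user to the view, here is an added example (not code from the exercise or from the posts in this thread): it copies only allow-listed fields into the session at login and refuses to render when the view locals contain a password-like key. The field names, the key pattern and the helper names are assumptions, and a plain object stands in for req.session.

```javascript
// Added example: keep secrets out of the session and out of view locals.
// Field names, the key pattern and helper names are assumptions.

const SESSION_FIELDS = ['id', 'username']; // the only fields the session may hold
const SENSITIVE_KEY = /passw(or)?d|secret|token|hash/i;

// Copy only allow-listed fields from the stored user record.
function toSessionUser(userRecord) {
  const out = {};
  for (const field of SESSION_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(userRecord, field)) {
      out[field] = userRecord[field];
    }
  }
  return out;
}

// Walk an object and return the paths of keys that look sensitive.
function findSensitiveKeys(value, path = '', seen = new Set()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return [];
  seen.add(value); // guards against circular references
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const childPath = path ? `${path}.${key}` : key;
    if (SENSITIVE_KEY.test(key)) hits.push(childPath);
    hits.push(...findSensitiveKeys(child, childPath, seen));
  }
  return hits;
}

// Guard to call on the locals before rendering a view: fail closed on leaks.
function safeLocals(locals) {
  const hits = findSensitiveKeys(locals);
  if (hits.length > 0) {
    throw new Error(`refusing to render, sensitive keys in locals: ${hits.join(', ')}`);
  }
  return locals;
}

// Constructed sample record, as a login handler might load it from a store.
const storedUser = { id: 1, username: 'sam', password: 'constructed-sample-value' };

const session = {}; // stands in for req.session
session.authenticated = true;
session.user = toSessionUser(storedUser); // instead of session.user = storedUser
```

In a route handler the guard would wrap the second argument of the render call, so a record that still carries its password raises an error on the server instead of reaching a template.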