Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript User Authentication With Express and Mongo Improving the App with Custom Middleware Using Session Variables to Customize Content

Chris Collier
Chris Collier
17,774 Points
Posted by Chris Collier
Chris Collier
17,774 Points

Is there a problem with setting the userId on the response object?

Am I the only one that has a problem with the idea of adding the userId to the response object? I thought that everything on the response object was sent from the server to the client - doesn't this open up the userId to the client? Does that violate the purpose of sessions - to protect that sort of info from the client? I would think that we would be creating a global variable in app.js, which then would not be sent to the client.

//make user ID available to templates
app.use(function(req, res, next){
  res.locals.currentUser = req.session.userId;
  next();
});

1 Answer

Alexander La Bianca
Alexander La Bianca
15,959 Points
Alexander La Bianca
Alexander La Bianca
15,959 Points

There is nothing wrong with a userId. What are you using the abvoe userId for? The problem with keeping a variable in app.js is that app.js is not like a client side script that is just loaded on the client. If you kept it in app.js how do you know to update that global variable if you are having thousands of requests coming in.