Session

Sessions allow you to persist server-side data across requests

Remember HTTP is stateless, so different connections to the server are not inheriently related.

Sessions

The browser can uniquely identify itself across requests by presenting a unique id in each request is makes. This value is called a session id and is most commonly stored in a cookie.

The session data is stored server-side so that the user does not have a chance to manipulate the data directly.

express-session

With express-session, session data is stored and accessible in the req.session object.