When a trusted user has been successfully logging into the dashboard, her/his user data is stored in MongoDB database in the session collection. However, an ID of the user's data was created and saved in the user's browser for reference to that data. By checking user data in the session collection, we know who and who have been logging into the dashboard. As the result, we can use Express session to allow logged users to directly get in and get out into and out of the dashboard without restriction.
//route/login.js
import express from 'express'
const loginRoute = express.Router()
loginRoute.get('/login',async (req,res,next)=>{
if(req.session.user){
res.redirect('/admin/job')
}else{
const module = await import('../controller/login/getLogin.js')
module.default(req,res)
}
})
loginRoute.post('/login',async (req,res,next)=>{
const module = await import('../controller/login/postLogin.js')
module.default(req,res)
})
export default loginRoute
The ID for user data is stored in a signed cookie in the user's browser. This ID can be seen, but one needs the SECRET_KEY to modify it.