Node.js activity management

Hi,

So I want users to be able to view all logged-in devices as well as log out from all or specific devices. How can I achieve this? Do I just store sessions in a database?

I’m using express-session right now for session management.

When a user logs in or creates an account, store the session cookie in the db along with the user-agent, IP address and current time. Update the timestamp whenever an endpoint is authenticated with that session (a separate middleware is a good fit for this). For a list of available session stores for express-session, check this list: https://www.npmjs.com/package/express-session#compatible-session-stores.
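A sketch of the bookkeeping described in the reply above, added here as an example and not code from the thread or from express-session. A `Map` stands in for the database table, and the class, method and field names are hypothetical; it also adds an owner check on per-device logout, which the reply does not mention.

```javascript
// In-memory stand-in for a session table; a real app would use one of the
// compatible stores. Class, method and field names here are hypothetical.
class DeviceSessions {
  constructor() {
    this.rows = new Map(); // session ID -> device record
    this.nextDeviceId = 1;
  }
  // On login or sign-up: remember which device the session belongs to.
  record(sid, userId, req, now = Date.now()) {
    const deviceId = this.nextDeviceId++;
    this.rows.set(sid, { deviceId, userId, ip: req.ip, createdAt: now, lastSeen: now,
      userAgent: req.headers['user-agent'] || 'unknown' });
    return deviceId;
  }
  // From the auth middleware on every authenticated request.
  // Returns false for an unknown or revoked session so the request can be rejected.
  touch(sid, now = Date.now()) {
    const row = this.rows.get(sid);
    if (!row) return false;
    row.lastSeen = now;
    return true;
  }
  // Device list for the account page. Session IDs are never returned, since
  // holding one is enough to use that session; deviceId is the public handle.
  list(userId, currentSid) {
    const out = [];
    for (const [sid, r] of this.rows) {
      if (r.userId !== userId) continue;
      out.push({ deviceId: r.deviceId, userAgent: r.userAgent, ip: r.ip,
        lastSeen: r.lastSeen, current: sid === currentSid });
    }
    return out.sort((a, b) => b.lastSeen - a.lastSeen);
  }
  // Log out one device. The owner check stops one user revoking another's session.
  revoke(userId, deviceId) {
    for (const [sid, r] of this.rows) {
      if (r.deviceId === deviceId && r.userId === userId) return this.rows.delete(sid);
    }
    return false;
  }
  // Log out everywhere, optionally keeping the session making the request.
  revokeAll(userId, keepSid = null) {
    let removed = 0;
    for (const [sid, r] of this.rows) {
      if (r.userId === userId && sid !== keepSid && this.rows.delete(sid)) removed++;
    }
    return removed;
  }
}
```

With a real store, deleting a row corresponds to destroying that session ID in the store, so the next request carrying the cookie is no longer authenticated.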

Okay thanks! Is it secure to just store the session cookies in the database?

Yup! That’s actually the recommended approach. Express-session only stores the session ID in the browser and uses it to retrieve the rest of the session from a specified store. By default it uses memory (RAM), which is not recommended in production and should be replaced with something like Redis, MongoDB or PostgreSQL.

From their docs:

Warning: The default server-side session storage, MemoryStore, is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing. For a list of stores, see compatible session stores.

Okay I see. Thank you!