Express: is it possible to bypass sessions for static files?

Question

Express: is it possible to bypass sessions for static files?

I use the fairly simple Express + Mongoose + Passport + Connect-mongo setup and everything works fine. The only thing that puzzles me is that I see passport.unserializeUser , even called for static files, which - from my point of view of the application - is completely pointless.

I can understand that there are cases when you want static files to be serviced under some kind of authorization, but I am wondering how I could “skip” all the session middleware if I serve a static file.

(In a production environment, I could not use cookies for assets)

+6

javascript node.js express passport.js

Claudio Dec 9 '12 at 19:53

source share

2 answers

You can use static files from another domain that does not store cookies at all. It also means that you cannot perform any security checks before servicing these files.

This method is used by various sites such as StackOverflow, Facebook and LinkedIn.

+1

Arjan Dec 9 '12 at 20:24

source share

Dominic barnes · Accepted Answer · 2012-12-10T01:51:24+0000

The second software is called in the order in which it was added. Just move static middleware very early in app.js

For instance:

 app.use(express.static(__dirname + "/public")); // any other middleware app.use(passport()); // or whatever your passport config looks like

Express: is it possible to bypass sessions for static files?

More articles: