(1) Parsing the Request Body
In HTTP, the request body is the part of the request that comes right
after the header. It can contain any content the application chooses
and is typically used to upload files, post forms, and pass remote
When posting forms, there are two types of request body encoding:
URL-encoded and multipart.
The URL-encoded format is similar to the query string format, and the multipart
encoding is a more complex format that is mainly used to upload files and pass
more complex data types.
When passing arguments to an API call that is hosted by your server, the remote
client can encode the call arguments as a JSON-encoded body.
All of these main types of encoding are specifi ed by the request content type string,
and you would have to switch between these body decoders depending on it.
(2) Parsing Cookies
Cookies are a standard used to store data as short strings on the web browser.
A server can send one or many cookies, and each cookie has a name.
The server can send one or more of these in the response of any request by using
Set-Cookie response headers. The web browser has to store each of them and send them
along as a single Cookie header on the following requests until the cookie expires.
The Cookie header has its own encoding mechanism because many name-value pairs can be
encoded there. Setting a cookie with a name of a cookie that is already stored on
the browser overrides the original cookie.
(3) Using a Session
Several third-party session stores allow you to use Memcache, Redis, and other
database servers as a session store for Connect.
If you use a memory store, the sessions won’t survive a process restart. If
you use a persistent session store, you will have an external service where
the sessions will be kept and survive a Node process restart. Also, using an external
session store allows you to force two or more Node processes to share the session
state, which means that if you use a load balancer, any request can hit any Node
process running your app at any given time and always have the session data
For this example, though, you will use the built-in and default memory store,
but you should use an external persistent store if your production setup involves
more than one Node process.
(4) What's these?
CSRF (cross-site request forgery) protection
static file memory cache
virtual-host support, a request body size limiter
Session store using Redis, Memcache
provide JSONP support
support request timeout
integrate with various methods of authentication
support LESS (the CSS DSL)