Quiz

  1. Can we talk more about the relationship between cookies and sessions? And why, even though there are multiple ways to create sessions, do we use cookies?

    For sure! Cookies are part of the basic HTTP protocol: browsers and servers send them back and forth as part of the headers of the request and the response.

    You can store lots of things in cookies, including zip codes, shopping carts and, most importantly, unique identifiers.

    The unique identifiers could be used in the back end to look up session data from some kind of data store, including a database like MongoDB or even from the filesystem (PHP does this).

    Alternatively, we can put the session directly in the cookie, serializing, compressing, and digitally signing the data.

    The digital signature means that the data can't be (successfully) tampered with.

    Either approach can work, but putting the session in the cookie has some advantages: (1) no storage on the server, (2) no dependence on a single back-end server, and (3) no I/O to look up the data.

    Flask, a Python-based framework, does the same thing.

  2. Could you talk more about flashing? I'm confused about where flashing would occur in the code/how the page template and javascript work together.

    Glad to! The basic idea is that your back-end code can use the req.flash() function a little like a print statement:

    
        if (result.success) {
            req.flash('info', 'your data was saved');
        } else {
            req.flash('error', 'OOPS! your data was not saved!');
        }
    
    

    Everything else is kinda automatic. In particular, your EJS files already have code to extract and display these messages, as we just saw.

    The flash feature is built on sessions, which are built on cookies.
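To make both answers concrete, here is an added example (not the course's code and not any library's implementation) of a session stored in a signed cookie, with a flash message carried on top of it from one request to the next. The names `sealSession`, `openSession`, `flash`, `takeFlash` and the demo secret are hypothetical, and compression is left out to keep it short.

```javascript
const crypto = require('node:crypto');

// Constructed demo key; a real app loads a long random secret from configuration.
const SECRET = 'constructed-demo-secret-not-for-production';
const b64 = (data) => Buffer.from(data).toString('base64url');
const mac = (payload, secret) => crypto.createHmac('sha256', secret).update(payload).digest();

// Serialize the session object and append an HMAC-SHA256 tag: "<payload>.<tag>".
function sealSession(session, secret = SECRET) {
  const payload = b64(JSON.stringify(session));
  return `${payload}.${b64(mac(payload, secret))}`;
}

// Return the session object, or null if the cookie is malformed or was modified.
function openSession(cookie, secret = SECRET) {
  const parts = String(cookie).split('.');
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1], 'base64url');
  const expected = mac(parts[0], secret);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try { return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')); }
  catch { return null; }
}

// Flash on top of the session: queue a message now, read and clear it on the next request.
function flash(session, type, msg) {
  session.flash = session.flash || {};
  (session.flash[type] = session.flash[type] || []).push(msg);
}
function takeFlash(session) {
  const msgs = session.flash || {};
  delete session.flash;
  return msgs;
}

// Constructed walk-through: request 1 queues a flash, request 2 displays it.
function demo() {
  const s1 = { userId: 42 };
  flash(s1, 'info', 'your data was saved');
  const cookie = sealSession(s1);          // value sent in Set-Cookie on response 1
  const s2 = openSession(cookie);          // value received in Cookie on request 2
  const shown = takeFlash(s2);             // what the template would render
  // A different payload paired with the old tag must fail verification.
  const forged = `${b64(JSON.stringify({ userId: 1 }))}.${cookie.split('.')[1]}`;
  const readable = Buffer.from(cookie.split('.')[0], 'base64url').toString('utf8');
  return { shown, after: s2, forged: openSession(forged), readable };
}
```

The signature only detects modification: the payload in this example is base64url-encoded JSON that whoever holds the cookie can read, so nothing secret belongs in it.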