Request Rundown: Navigating the Nuances of Authenticated Access

Mar 19, 2024

Logging in is just the start. What happens next in a web app when you want access to your personalized data? Express, Express-Session, and Passport.js not only simplify the login process but also make it easy to handle authenticated requests.

In this post, we'll focus on what happens after a user has successfully logged in. I'll guide you through each step, from the user making a request for personalized data, to verifying the user's identity, and finally sending back the requested information. By the end, you'll have a clear understanding of how to secure your application's routes and data using Express, Express-Session, and Passport.js.

  • User Makes Authenticated Request

    A user asks for data that is specific to them, like book recommendations, by sending a request that includes proof of being logged in.
  • Receive Request on Back End

    Our server catches the request and gets ready to check if it's from a recognized user.
  • Express-Session Validates Session Cookie

    We confirm the user's 'digital ID card' (session cookie) is valid, ensuring they are who they say they are.
  • Retrieve User Data

    Using the session cookie, we find the user's full details in our records to understand who's asking for data.
  • Passport Attaches User Data to req.user

    We attach the user's details to the request, making it easy to access their information that may be necessary to process the request.
  • Use req.user to Retrieve Data and Send to Client

    With the user's info at hand, we fetch what they asked for (like their favorite genres' books) and send it back to them.
Diagram showing authenticated request flow
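
The six steps above, traced in an added example that is not code from the original post or from Express, Express-Session, or Passport.js: a dependency-free model using only Node's `crypto` module. The `s:<sid>.<HMAC>` cookie value, the `connect.sid` cookie name, and the `session.passport.user` key follow the libraries' defaults; `SECRET`, the in-memory `sessions`, `users`, and `books` data, and the function names are constructed for illustration.

```javascript
// Added example: simplified model of the flow, not the libraries' own code.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: stands in for the app's session secret
const sessions = new Map([['sid-123', { passport: { user: 1 } }]]); // constructed session store
const users = new Map([
  [1, { id: 1, name: 'Ada', genres: ['sci-fi'] }],
  [2, { id: 2, name: 'Bob', genres: ['crime'] }],
]);
const books = [{ title: 'Dune', genre: 'sci-fi' }, { title: 'Gone Girl', genre: 'crime' }];

// HMAC-SHA256 over the session ID, base64 with padding stripped.
const hmac = (val) =>
  crypto.createHmac('sha256', SECRET).update(val).digest('base64').replace(/=+$/, '');
const signSid = (sid) => `s:${sid}.${hmac(sid)}`;

// Step 3: accept the cookie only if its signature matches; return the session ID or null.
function verifyCookie(cookie) {
  if (typeof cookie !== 'string' || !cookie.startsWith('s:')) return null;
  const body = cookie.slice(2);
  const dot = body.lastIndexOf('.');
  if (dot < 1) return null;
  const sid = body.slice(0, dot);
  const given = Buffer.from(body.slice(dot + 1));
  const expected = Buffer.from(hmac(sid));
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected) ? sid : null;
}

// Steps 2 to 6: receive the request, resolve the user, attach it, answer from req.user.
function handleRecommendations(req) {
  const sid = verifyCookie(req.cookies['connect.sid']);
  const session = sid && sessions.get(sid);
  const user = session?.passport && users.get(session.passport.user); // step 4
  if (!user) return { status: 401, body: { error: 'Not authenticated' } };
  req.user = user; // step 5
  // Step 6: scope the lookup to req.user, never to an ID supplied in the request itself.
  const recs = books.filter((b) => req.user.genres.includes(b.genre)).map((b) => b.title);
  return { status: 200, body: { user: req.user.name, recommendations: recs } };
}
```

Because the response is built from `req.user` alone, a `userId` placed in the query string has no effect on whose data comes back, and a cookie whose session ID was edited after signing is rejected at step 3.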
