```server.js
'use strict';
// Port the HTTP server binds to: the PORT environment variable when set, otherwise 8080.
const HTTP_PORT = process.env.PORT || 8080;
var express = require('express');
var path = require('path');
var app = express();
var bodyParser= require('body-parser');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var mongoose = require('mongoose');
var session = require('express-session');
// https://www.npmjs.com/package/connect-mongo: require it after express-session, because it is initialised with the session module
var connectMongo = require('connect-mongo')(session);
//require passport from: https://github.com/jaredhanson/passport-local
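// Use the native Promise implementation for Mongoose's asynchronous operations.
mongoose.Promise = global.Promise;

// Take the connection string from the environment when one is provided, so that
// database hosts and credentials stay out of source control. The fallback is the
// local, unauthenticated development database this file originally hard-coded.
const MONGODB_URI = process.env.MONGODB_URI || 'mongodb://localhost:27017/online-cart';

mongoose.connect(MONGODB_URI, { useNewUrlParser: true }).catch(function (err) {
  // Without a handler a failed initial connection is an unhandled rejection.
  // Log only the driver's message, never the URI, which may embed credentials.
  console.error('MongoDB connection failed: ' + err.message);
  // Both the user lookup and the session store depend on this connection.
  process.exit(1);
});

mongoose.set('useCreateIndex', true);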
// importing route
var indexRouter = require('./routes/index');
// module providing Connect/Express middleware
var cors = require('cors');
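// Request-processing middleware, registered in the order requests pass through it.
app.use(logger('dev'));
app.use(bodyParser.urlencoded({ extended: false }));
// JSON bodies can carry nested objects, so route handlers must type-check any
// field before passing it into a database query.
app.use(bodyParser.json());

// Key used to sign the cookies handled by cookie-parser and express-session.
// It is read from the environment instead of being a literal in source: anyone
// who can read a hard-coded key can produce validly signed cookies. Both
// middlewares must use the same key, so it is resolved once here.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET environment variable must be set to a long random value');
}
app.use(cookieParser(sessionSecret));

// NOTE(review): cors() with no options allows every origin. Restrict it to the
// front-end's origin(s) once those are known; they are not visible in this file.
app.use(cors());

// Server-side sessions, see https://www.npmjs.com/package/express-session
app.use(session({
  secret: sessionSecret,
  resave: false,
  // Do not create a session (or set a cookie) until something is stored in it.
  saveUninitialized: false,
  // https://www.npmjs.com/package/connect-mongo: re-use the existing Mongoose connection
  store: new connectMongo({ mongooseConnection: mongoose.connection }),
  cookie: {
    // 3600000 ms = 1 hour. The previous comment said 5 minutes, which would be 300000.
    maxAge: 3600000,
    // Keep the session cookie unreadable from page scripts (the library default, stated explicitly).
    httpOnly: true,
    // Do not attach the cookie to cross-site sub-requests; no CSRF token check is active in this app.
    sameSite: 'lax'
    // NOTE(review): also set `secure: true` when the app is served over HTTPS
    // (behind a TLS-terminating proxy this additionally needs app.set('trust proxy', 1)).
  }
}));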
// Mount the application routes, then start accepting connections on HTTP_PORT.
app.use(indexRouter);

app.listen(HTTP_PORT, function onListening() {
  console.log(`app listening on: ${HTTP_PORT}`);
});
router:
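/**
 * GET /token: responds 200 with a fixed JSON message.
 *
 * NOTE(review): the response body is a literal string, not a CSRF token. The
 * csrfToken() call below is commented out, so this route issues no token as
 * written and state-changing routes have no CSRF check from it.
 *
 * The session id is no longer written to the console: it is a bearer
 * credential, and anyone with access to the logs could replay it.
 */
router.get('/token', function (req, res, next) {
  // res.cookie("token",req.csrfToken(),{maxAge: 900000, httpOnly: true});
  res.status(200).json({ message: 'oken:req.csrfToken()' });
});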
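/**
 * PUT /user/login: checks the submitted e-mail/password and, on success,
 * binds the e-mail to a fresh session.
 *
 * Always answers HTTP 200; the outcome is carried in the JSON `code` field:
 *   0   login succeeded
 *   1   login succeeded for the manager account
 *   100 credentials rejected
 *   120 lookup or session-store error
 *
 * Unknown e-mail, wrong password and malformed input all return the same
 * code 100 response, so the reply does not reveal which accounts exist.
 */
router.put('/user/login', function (req, res) {
  const { email, password } = req.body || {};

  // bodyParser.json() accepts nested objects. A non-string e-mail such as a
  // query-operator object would otherwise go straight into findOne().
  if (typeof email !== 'string' || typeof password !== 'string') {
    return res.status(200).send({ code: 100, msg: 'wrong password' });
  }

  User.findOne({ email: email }, function (err, user) {
    if (err) {
      // NOTE(review): err.message exposes internal error text to the client; kept because callers may display it.
      return res.status(200).send({ code: 120, msg: err.message });
    }

    // `user` is null when no account matches; the original dereferenced it and threw.
    if (!user || !user.passValid(password)) {
      return res.status(200).send({ code: 100, msg: 'wrong password' });
    }

    // Issue a new session id at the privilege change so a pre-login id cannot be carried into the authenticated session.
    req.session.regenerate(function (regenErr) {
      if (regenErr) {
        return res.status(200).send({ code: 120, msg: 'session error' });
      }

      req.session.email = email;

      // Reply only after the store has persisted the session, so the next request sees it.
      req.session.save(function (saveErr) {
        if (saveErr) {
          return res.status(200).send({ code: 120, msg: 'session error' });
        }

        // NOTE(review): the manager role is decided by comparing against a hard-coded address; a role field on the user record would be safer.
        if (email === 'manager@manager.com') {
          return res.status(200).send({ code: 1, msg: 'manager' });
        }
        return res.status(200).send({ code: 0, msg: 'success' });
      });
    });
  });
});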