I have this doubt: let's say a user navigate to a path /test?token=somelongstring
. This path, before rendering the view, sets two app.locals
, for instance:
app.locals.email: "test-user-email" + user.email;
app.locals.name: "test-user-name" + + user.name;
The user
variable is taken from an API using the token query string variable.
Than another user goes to the same path, with a different token, setting those two variable with his values.
Now, let's say there is another route, /display
that shows these variables. User 1 goes to that path after user 2 has set the app.locals
. What user 1 will see? Will he see his values or the user2 values? I suppose user2, since app.locals
are shared across the application, rather than the instance, but I'm not exactly sure (and unfortunately I can't test myself right now)
You should consider reading the official documentation here
Basically app.locals
are properties that are accessed globally throughout the whole application. So basically each user will see the last assignment to these properties (email and name).
let's say there is another route, /display that shows these variables. User 1 goes to that path after user 2 has set the app.locals. What user 1 will see?
He will see user2
information because he/she assigned last his/her information to the properties.
Understand, so rather than
app.locals
I should usereq.locals
, since this is persisted through the request, right?You're going to have to devise some kind of permanent data-store that knows how to differentiate between the various users so that each user's request gets data left behind by their previous request. Neither
app.locals
norreq.locals
are enough to do that.I ended up using a session middleware and storing those values in the session object