javascriptnode.jsanonymous-users

How to store different (random & temp) backend data for each user, without login?

What's the simplest way to persist small backend data for each user?

I'm working on a program that will make a random choice for each user, a single-word string, and I'm just starting to decide how to architect it. Although the choices are random, I want them to be persistent — not necessarily if the user comes back the next day, but at least through a session that could be 20 minutes. This would be totally trivial on the front-end, but the random choice must occur on the Node backend (because the user can't know what it is), and can't change when they make their next request. For these purposes, we're assuming a user technically literate enough to view source or open dev tools, but not concerned about someone hacking in.

I already know how to store data in a database (Mongo or SQL), but this seems like overkill for a single word. I already know how to log in users, with user/password or with OAuth, but this again seems like overkill because the data isn't really private and shouldn't require logins. Also, that's extra trouble for the user. I'm considering using Firebase to authenticate anonymous users, but I'm wondering if there's a simpler/faster way for my backend to identify which low-security user I'm dealing with, just to interact with one word for the first user, and a different word for a second user.

Should I go with Firebase anonymous user login? Is there something simple I didn't think of? Thank you!

Solution

  • You're probably looking for something like the Set-Cookie HTTP header. For example, if you're using the node 'http' module: 

    var http = require('http')
var cookie = require('cookie') // npm install if you need to

// Server set up code
const server = http.createServer((request, response) => {
    //Gets called on each http request to your server

    var randomString = yourRandomStringGenerator();
    var cookies = cookie.parse(request.headers.cookie);
    if (cookies.myCookie) {
        // already there, do nothing
    } else {
        response.setHeader('Set-Cookie',`myCookie=${randomString}`)
    }
    // Your other server routing etc.
}

    This header also accepts a Max-Age and Expires parameter if you'd like them to last beyond a single session, but if Expires is not set then the cookie is automattically a session cookie. See documentation on Set-Cookie at MDN