Disabling sessions in nodejs Passport.js

Question

I just discovered about Tokens for authentication which allows session/stateless servers and starting out with MEAN. Looks amazing.

Right now, I'm using Passport.js to authenticate users (via Email, Facebook, Google,...), which stores information into the server session like all the tutorials say:

 // required for passport
    app.use(express.session({
        secret : 'superscret',
        expires: new Date(+new Date + settings.session.sessionTimeout),
        store: new MongoStore({})
    })); // session secret
    app.use(passport.initialize());
    app.use(passport.session({}));

Is it possible to still use Passport.js but instead of storing the session, sends back a token to monitor if the user has access.

Question: How can disable sessions for passport? (I know how to send the token and listen for it).

Answer 1

passportjs supports disabling of the sessions. Docs passport

After successful authentication, Passport will establish a persistent login session. This is useful for the common scenario of users accessing a web application via a browser. However, in some cases, session support is not necessary. For example, API servers typically require credentials to be supplied with each request. When this is the case, session support can be safely disabled by setting the session option to false.

app.get('/api/users/me',
  passport.authenticate('basic', { session: false }),
  function(req, res) {
    res.json({ id: req.user.id, username: req.user.username });
  });

Answer 2

I suggest using satellizer, de-facto standard library for token based authentication in AngularJS. It implements token based authentication only and is much easier to get working for your purposes. It also has good server examples, including Node.js server example.