RemoteIndian

I have implemented session based authentication (httpOnly cookie) using passportjs and on frontend I have used react router for navigation. Now I have created `/auth`  endpoint which basically makes a GET request to check if current logged in user session is valid or not. Sessions are stored in mongodb. Now for each private route user navigates to I am making call to `/auth` endpoint to validate logged in user. Can this solution be improved any suggestions?

You don't need the endpoint - When you make any request and user session is expired send 401 Unauthorised from server. If you are using axios to make request then intercept it and you can redirect the user/logout the user.

But consider this case if user is logged in successfully and then if he refreshes browser or manually changes url in browser during that time session cookie will be present in browser but redux state will reset so Before navigating to private route I will have to check if current logged in user  session is valid or not

For that you have to use browser storage like local storage to store user and session details. Redux can get those details from there.

I am already using httpOnly cookie which is saved in browser

<@U0161E9CZ24> /chat and /profile are 2 private routes so in private route code I dont have to hit any /auth endpoint instead of that I will add auth middleware to both of these route and if not authneticated then send isLoggedIn -&gt; false and if authenticated then send isLoggedIn true with the actual response is that correct ? in this way we can avoid using of any additional endpoint to check if user is logged in or not and both chat and profile component in react would be connected to redux store which holds isLoggedIn variable is this correct?

see code here: <https://pastebin.com/sdLuPmp3> of private route

Refer to this blog <https://medium.com/@jns368/setting-up-private-routes-in-react-router-f74585f78e91>