What's the proper way of handling user authentication from server side?

#1

So currently I am signing up users from the server side; if successful, I set a cookie for the token.

Like so:

routes.post('/signup', async (req, res) => {

  const user = new Parse.User();
  user.set('username', req.body.username);
  user.set('email', req.body.email);
  user.set('password', req.body.password);

  try {
    await user.signUp();
    res.cookie('token', user.getSessionToken());
    res.sendStatus(200);
  } catch (error) {
    console.log("Error: " + error.code + " " + error.message);
    res.sendStatus(400);
  }

})

Is this the proper way?

What I want to be able to do is to be able to check whether a user is logged in or not from the server side and redirect them accordingly.

#2

The way you are signing up seems fine to me. In order to validate if the user is logged in, I’d read the sessionToken from the cookie and perform a query on the Session collection to check if this session token is valid.
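The check described in #2, written as Express-style middleware that redirects visitors without a valid session (an added example, not code from either poster). `requireLogin`, `findSession`, `SESSION_COOKIE_OPTIONS` and the `/login` path are hypothetical names, and the session lookup is injected so the block runs without a Parse Server; the cookie options are an assumption about how the `token` cookie would be set at signup.

```javascript
// Added example: Express-style middleware that gates routes on a valid session.
// `findSession` is a hypothetical injected lookup, e.g. backed by Parse Server:
//   token => new Parse.Query(Parse.Session).equalTo('sessionToken', token)
//              .include('user').first({ useMasterKey: true })
//              .then(s => s && { user: s.get('user'), expiresAt: s.get('expiresAt') })

// Options for res.cookie('token', ...): keep the token away from page scripts,
// send it over HTTPS only, and withhold it from cross-site subrequests.
const SESSION_COOKIE_OPTIONS = { httpOnly: true, secure: true, sameSite: 'lax' };

// Extract the `token` cookie from a raw Cookie header (no cookie-parser needed).
function tokenFromCookie(header) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === 'token') {
      try { return decodeURIComponent(part.slice(eq + 1).trim()) || null; }
      catch { return null; } // malformed percent-encoding: treat as no token
    }
  }
  return null;
}

// A session counts only if it exists, has an owner, and has not expired.
function sessionIsValid(session, now = new Date()) {
  if (!session || !session.user) return false;
  return !session.expiresAt || session.expiresAt > now;
}

// Middleware factory: redirect anonymous or stale visitors to `loginPath`.
function requireLogin(findSession, loginPath = '/login') {
  return async (req, res, next) => {
    const token = tokenFromCookie(req.headers.cookie);
    let session = null;
    try {
      if (token) session = await findSession(token);
    } catch (err) {
      session = null; // fail closed if the lookup errors
    }
    if (!sessionIsValid(session)) {
      if (token) res.clearCookie('token', SESSION_COOKIE_OPTIONS);
      return res.redirect(loginPath);
    }
    req.user = session.user; // downstream handlers read the authenticated user
    return next();
  };
}
```

Mounted as `routes.get('/dashboard', requireLogin(findSession), handler)`, the handler runs only for requests whose cookie maps to a live session.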