mongodb - Handling simultaneous client requests in Node/Express

Question

I want to handle simultaneous user requests in my express server, and store data from them in a Mongo db. I have all the code ready to go, however, I'm struggling to find a way to assign a unique id to each user request so I can then save the data from each user to a Mongo db.

Here is a sample of my code below.

app.post("/page1", function(request,response) {    

    var ipAddress = request.connection.remoteAddress;
    var name1 = request.body.name1;

    MongooseModel.findOneAndUpdate({id: ipAddress},{name1:name1},
        {upsert: false}, function() {});

    response.redirect('/page2');
});

As you can see, I'm trying to differentiate each client request based on their IP address. The following code is then run directly after the code posted above.

app.post("/page2", function(request,response) {    

    var ipAddress = request.connection.remoteAddress;
    var name2 = request.body.name2;

    MongooseModel.findOneAndUpdate({id: ipAddress},{name2:name2},
        {upsert: false}, function() {});

    response.redirect('/page3');
});

Once again, I'm trying to differentiate each client request based on their IP address. Unfortunately, the code I have above only works if two (or more) clients don't share the same network connection. If they do, request.connection.remoteAddress returns the same value and my db gets confused.

Is there a clever solution to this problem? I know that most websites (such as amazon.com) have had to overcome this issue, as they receive millions of client requests and have to differentiate between all of them in order to store data in their databases.

question from:https://stackoverflow.com/questions/65927794/handling-simultaneous-client-requests-in-node-express

Answer 1

The most robust way to identify clients it to require a login and then identify them by their userID (something defined as unique when they create their account and then specified by the user when they log in). You keep track of the logged in state via a session cookie. Something like express-session is often used for automatically creating this cookie and giving you a place to store temporary state in the session. If you then add a user login on top of it, this has the advantage that it can identify the same user across computers and across time.

Libraries like passport can even let you leverage the login of other services such as Google, Facebook, Twitter, etc... rather than making the user create their own new login to your service.

A more temporary way of keeping track of a specific user is to set a cookie with a uniqueID in it and then use that cookie as the user identifier. Since that cookie will be presented back with any future requests from that specific device, you can use this as a short term proxy for the user. But, this is only good for short term identification because cookies can get removed, they correlate to a specific device, not a specific user and don't work across devices.

As you've already discovered, the IP address is a poor proxy for user because many users can share the same IP address (via home, corporate and mobile gateways gateways). Further IP addresses can change for the same device as mobile users move around on the network.

I know that most websites (such as amazon.com) have had to overcome this issue, as they receive millions of client requests and have to differentiate between all of them in order to store data in their databases.

If they are storing user data in their databases for the long term, then they are using a user login and a lasting cookie to identify the user and are storing the data in their databases for the specific userID indicated by the cookie. Note, the userID is usually not directly in the cookie to prevent spoofing of users, but rather some other reference is in the cookie that they can look up and convert into the userID that can then be used a a key in the database to store stuff for that specific user.