Express session for site with mix of static and dynamic pages

[clo...@kent.edu]

I am creating my first node/express app that has a few static pages as well as a login and a few pages that will be password protected and only seen if you are logged in.

Most of the examples of session I've read are for small apps where the entire app is protected and so most of coding is done in the app.js file. I'm not sure that I can put all of my code in the app.js file so I have created corresponding server side JS files for my dynamic jade pages (see the jade and js admin and nonadmin files below).

Structure of my site:

-app.js

-bin

--www

-public

--images

--javascripts

--stylesheets

-routes

--index.js

--admin 

---index.js

---login.js

---reporting.js

--nonadmin

---index.js

---login.js

---resources.js

---stats.js

-views

--admin 

---index.jade

---login.jade

---reporting.jade

--index.jade

--login.jade

--nonadmin

---index.jade

---login.jade

---resources.jade

---stats.jade

--static1.jade

--static2.jade

--static3.jade

If the user is an admin, I want them to end up on the admin/index page after logging in. The admin/login.js file currently sets session variables then redirects the user to this page if they meet certain criteria. (Users will be logged out otherwise.) Note: the site works similarly if the user is non-admin.

See the image I have attached:

I am trying to figure out how to check if the session variables from admin/login.js are available on the admin/index page. I would like to be able to use these same session variables on each page's corresponding JS file (index, reporting, etc) and even be able to send one of the session variables to the client side.

I have tried to use app.get in the admin/index.js file and that part of the code never executes when logging in and redirected to the admin/index.jade page.

admin/index.js snippet:

module.exports = function (app) {

  var request = require('request');

  console.log('in admin/index.js file');

  app.get('/admin/index', function (req, res) {

    //trying to check the session vars here

    console.log('session vars are' + req.session.isLoggedIn + req.session.userId + req.session.type);

  }

} 

app.js snippet (for admin):

require('./routes/admin/login')(app);

require('./routes/admin/')(app);

require('./routes/admin/reporting')(app);

Am I on the right track for handling session on a site like this? Should each post-login page have a corresponding JS file that checks session variables and if they are not set, logs the user out of the system? Is app.get the appropriate thing to use in these JS files?