Create new nodeSSPI instance per request, or share the instance? #103
Description
Hi there,
The official documentation contains this code, in which a new nodeSSPI instance is created in the middleware, so this means a new instance is made for each request:
var express = require('express'); var app = express(); var server = require('http').createServer(app); app.use(function (req, res, next) { var nodeSSPI = require('node-sspi'); var nodeSSPIObj = new nodeSSPI({ retrieveGroups: true, }); nodeSSPIObj.authenticate(req, res, function (err) { res.finished || next(); }); });
However, is this how nodeSSPI should be used (in production)? As far as I can tell, the authentication state is not shared on the nodeSSPI instance, but rather set on the connection itself - so it should be safe (and better for performance) to create the instance only once outside of the middleware and then share it across requests, like this?
var express = require('express'); var app = express(); var server = require('http').createServer(app); var nodeSSPI = require('node-sspi'); var nodeSSPIObj = new nodeSSPI({ retrieveGroups: true, }); app.use(function (req, res, next) { nodeSSPIObj.authenticate(req, res, function (err) { res.finished || next(); }); });
Is it correct to share the nodeSSPI instance or not? If it is, perhaps the official documentation should be changed as per the above example?
Thanks in advance, and I apologize if this is a dumb question.