chat.io
A Real Time Chat Application built using Node.js, Express, Mongoose
... access to your application, and log in using their social accounts. The session needs a random string to make sure the session id in the browser is random. That random string is used to encrypt the session id in the browser, Why? To prevent session id guessing. Each user has a username, password, social Id, and picture. If the user is logged in via username and password, then the social Id has to be null, and the if logged in via a social account, then the password will be null.