als-session

v4.5.0

Published

7 days ago

Session based file or memory storage as mw

Downloads

0High
0Medium
0Low

alexsorkin

session session mw

Als-session

Session based file storage as middleware.

Change log for v4.5

Dependencies changed
Added session in memory option

Middleware initiation

Quick init

Usage with express as middleware.

const sessionMw = require("als-session");
app.use(sessionMw({}));

The example above demonstrates adding session middleware to an express application with default settings.

Basic init

Syntax:

const sessionMw = require('als-session');
const options = {}
let session = sessionMw(options);

app.use(session);

The sessionMw function configures middleware for session management. Below are the available configuration parameters:

prefix: String (1 to 3 characters)
- Prefix for the session name.
- Default: 'sid'.
path: String
- URL path for the session.
- Minimum length: 1 character.
- Default: '/'.
httpOnly: Boolean
- If true, the cookie is not accessible through document.cookie.
- Default: true.
secure: Boolean
- If true, the cookie is not sent in the response.
- Default: true.
maxAge: Number
- The lifespan of the session in milliseconds.
- Range: from 1000 to infinity.
- Default: 7 days (604800000 ms).
secret: String
- Secret for signing the cookie.
- Minimum length: 10 characters.
- Default: Automatically generated.
  - available as secret text file inside als-session
log: Function
- Logging function for errors.
- Example: (e) => {throw e}.
- Default: console.error.
dirPath: String
- Path for saving sessions.
- Using path if path is valid
- Using join(__dirname, '..', 'session') if path not string
- Using memory store if path is 'memory'

Example for initiation

const sessionMw = require('als-session');

let session = sessionMw({
    prefix: 'aaa',
    path: '/dashboard',
    httpOnly: false,
    secure: false,
    maxAge: 1000 * 60 * 60,
    secret: 'some1234567',
    log: (e) => { throw e },
    dirPath: join(__dirname, 'sessions')
});

Session usage

Usage is straightforward. Typically, all you need is req.session.

Syntax:

function(req, res) {
  req.sessionStore: object // instance of File
  req.sessionId: string // session ID (file name or key in memory storage)
  req.session: object // Session object for storing user data
  req.destroySession: function // function for destroying the session and creating a new one
}

sessionId - is a name of file in sessions folder

Modifying session

req.session is an object which saved after response sent.

req.session.key = "value"; // add a new value to session
let value = req.session.key; // get a value by key
delete req.session.key; // delete a value by key

Destroying session

Syntax:

await req.destroySession();

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

Als-session

Change log for v4.5

Middleware initiation

Quick init

Basic init

Example for initiation

Session usage

Modifying session

Destroying session