client-sessions
Advanced tools
Readme
Secure sessions stored in cookies, for node.js Middleware for Connect / Express apps.
Session content is secure and tamper-free.
This does not use connect's built-int session middleware, because, if it did, things would get nasty in implementation given the conflict between the session ID and the session content itself. Also, this library uses its own cookie parser so that setup is easier and less error-prone.
I don't recommend using both this middleware and connect's built-in session middleware.
var clientSessions = require("client-sessions");
app.use(clientSessions({
cookieName: 'session_state', // defaults to session_state
secret: 'blargadeeblargblarg', // MUST be set
// true session duration:
// will expire after duration (ms)
// from last session.reset() or
// initial cookieing.
duration: 24 * 60 * 60 * 1000, // defaults to 1 day
}));
// later, in a request
req.session.foo = 'bar';
req.session.baz = 'baz2';
// results in a Set-Cookie header
console.log(req.session.baz)
// no updates to session results in no Set-Cookie header
// and then
if (req.session.foo == 'bar') {
// do something
}
// reset the session, preserving some variables
// if they exist. This means the session's creation time
// will be reset to now, with expiration in duration (ms).
req.session.reset(['csrf']);
Optionally, if you'd like more explicit control over the cookie parameters you can do:
app.use(clientSessions({
cookieName: 'session_state', // defaults to session_state
secret: 'blargadeeblargblarg', // MUST be set
// true session duration:
// will expire after duration (ms)
// from last session.reset() or
// initial cookieing.
duration: 24 * 60 * 60 * 1000, // defaults to 1 day
cookie: {
path: '/api',
// cookie expiration parameters
// this gets updated on every cookie call,
// so it's not appropriate for saying that the session
// expires after 2 weeks, for example, since the cookie
// may get updated regularly and push the time back.
maxAge: 14 * 24 * 60 * 60 * 1000 // in ms
httpOnly: true, // defaults to true
secure: false // defaults to false
}
}));
FAQs
secure sessions stored in cookies
The npm package client-sessions receives a total of 13,622 weekly downloads. As such, client-sessions popularity was classified as popular.
We found that client-sessions demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ecma TC39 is meeting this week and has moved key ECMAScript proposals forward, advancing Deferred Import Evaluation, Error.isError(), RegExp Escaping, and Promise.try to the next stages.
Security News
Researchers have demonstrated that teams of LLM agents can exploit zero-day vulnerabilities with a 53% success rate, and the costs of using AI to do so are rapidly becoming more affordable than hiring a human penetration tester.
Security News
In an unprecedented surge, May 2024 saw the publication of over 5,000 CVEs, marking a historic milestone in cybersecurity with an average of 164 CVEs per day, nearly double the 2023 daily average.