client-sessions is connect middleware that implements sessions in encrypted, tamper-free cookies. For a complete introduction to encrypted client-side sessions, refer to Francois Marier's blog post on the subject.
NOTE: Using both this middleware and connect's built-in session middleware is not recommended.
Usage
Basic usage:
var sessions = require("client-sessions");
// Options for the basic session cookie; the session is exposed as req.mySession.
var mySessionOptions = {
  cookieName: 'mySession',
  // Placeholder value only. The secret keys the cookie's encryption and
  // integrity check, so use a long, unguessable random string and load it
  // from configuration or the environment rather than committing it to source.
  secret: 'blargadeeblargblarg',
  // How long a session stays valid, in milliseconds (one day).
  duration: 24 * 60 * 60 * 1000,
  // Sliding-renewal window in milliseconds (five minutes): a session that is
  // used while it has less than this long left to live is extended.
  activeDuration: 1000 * 60 * 5
};

app.use(sessions(mySessionOptions));
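// Example handler: reports through the X-Seen-You response header whether
// this client already carries a session with the `seenyou` flag set.
app.use(function(req, res, next) {
  if (req.mySession.seenyou) {
    res.setHeader('X-Seen-You', 'true');
  } else {
    // Assigning a session property is enough: the session middleware sends
    // the updated cookie with the response.
    req.mySession.seenyou = true;
    res.setHeader('X-Seen-You', 'false');
  }
  // Pass control on; without this call the request is never handed to the
  // next handler and the response never completes.
  next();
});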
You can control more specific cookie behavior during setup:
// Browser-facing attributes of the session cookie.
var scopedCookieAttributes = {
  // The cookie is only sent with requests under /api.
  path: '/api',
  // Cookie lifetime in milliseconds.
  maxAge: 60000,
  // When true, the cookie expires when the browser closes.
  ephemeral: false,
  // When true, page JavaScript cannot read the cookie, which limits what a
  // cross-site scripting bug can take from the session.
  httpOnly: true,
  // When true, the cookie is only sent over HTTPS. With false the browser
  // also sends it over plain HTTP, where it can be captured and replayed even
  // though its content is encrypted; set this to true on any HTTPS
  // deployment. The client-sessions README describes a `secureProxy` key for
  // setups where TLS is terminated in front of Node; check your version.
  secure: false
};

var scopedSessionOptions = {
  cookieName: 'mySession',
  // Placeholder value only: use a long random secret kept outside source control.
  secret: 'blargadeeblargblarg',
  // Session validity in milliseconds (one day).
  duration: 24 * 60 * 60 * 1000,
  cookie: scopedCookieAttributes
};

app.use(sessions(scopedSessionOptions));
You can have multiple cookies:
// Two independent session cookies with different lifetimes.
// Both reuse the same placeholder secret here. In a real deployment give each
// cookie its own long random secret, so that leaking or rotating one does not
// affect the other.

// Shopping cart: valid for seven days (milliseconds).
var shoppingCartOptions = {
  cookieName: 'shopping_cart',
  secret: 'first secret',
  duration: 7 * 24 * 60 * 60 * 1000
};
app.use(sessions(shoppingCartOptions));

// Authentication state: valid for two hours (milliseconds). Keeping this
// lifetime short bounds how long a captured cookie remains usable.
var authenticatedOptions = {
  cookieName: 'authenticated',
  secret: 'first secret',
  duration: 2 * 60 * 60 * 1000
};
app.use(sessions(authenticatedOptions));
In this example, there's a 2 hour authentication session, but shopping carts persist for a week.
Finally, you can use requestKey to set the property name under which the session is exposed on the request object.
var sessions = require("client-sessions");
// Session options with an explicit request property name.
var forcedKeyOptions = {
  cookieName: 'mySession',
  // The session is exposed as req.forcedSessionKey instead of being named
  // after the cookie.
  requestKey: 'forcedSessionKey',
  // Placeholder value only: use a long random secret kept outside source control.
  secret: 'blargadeeblargblarg',
  // Session validity in milliseconds (one day).
  duration: 24 * 60 * 60 * 1000
};

app.use(sessions(forcedKeyOptions));
// Example handler: flags returning clients via the X-Seen-You header, reading
// the session through the property name chosen with requestKey.
app.use(function(req, res, next) {
  var session = req.forcedSessionKey;
  var seenBefore = session.seenyou;

  if (seenBefore) {
    res.setHeader('X-Seen-You', 'true');
  }

  // Always continue to the next handler, whether or not the header was set.
  next();
});
License
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.