connect-dynamodb-session
DynamoDB session store for Connect and Express
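    const express = require('express');
    const session = require('express-session');
    const DynamoStore = require('connect-dynamodb-session')(session);

    const app = express();

    app.use(session({
      secret: 'foo', // placeholder; use a long random secret loaded from configuration
      store: new DynamoStore({
        region: 'us-west-2',
        tableName: 'mySessionTable',
        cleanupInterval: 100000, // scan for expired sessions every 100 seconds
        touchAfter: 0            // always write the session back to DynamoDB
      })
    }));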
autoCreate option, see below). For example, using the aws cli:

    aws \
      --region us-west-2 \
      dynamodb create-table \
      --table-name ${YOUR_TABLE_NAME} \
      --attribute-definitions AttributeName=id,AttributeType=S \
      --key-schema AttributeName=id,KeyType=HASH \
      --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5

Be sure to read the aws documentation about ReadCapacityUnits and WriteCapacityUnits before deploying to production.
client (optional) provide your own client that exposes init, get, put, delete, setExpires & deleteExpired; see src/dynamo.js for an implementation.

ttl (optional, default: 1209600000 (two weeks)) expiration time of the session in milliseconds. Used as a fallback if the cookie does not have an expires value. Normally you set the expires value for the cookie:

    app.use(session({
      cookie: {maxAge: 1209600000},
      secret: 'foo',
      store: new DynamoStore(options)
    }));

cleanupInterval (optional, default: 300000 (five minutes)) how long to wait between scans of the table to remove expired sessions. Set to 0 to never remove expired sessions.

touchAfter (optional, default: 10000 (ten seconds)) if the session hasn't changed, then don't persist it to dynamo more than once every 10 seconds. Set to 0 to always update dynamo. WARNING: setting to 0 can seriously impact your WriteCapacityUnits. Inspired by connect-mongo. Requires the resave session option to be false:

    app.use(session({
      secret: 'foo',
      resave: false, // don't save session if unmodified
      store: new DynamoStore({
        region: 'us-west-2',
        tableName: 'mySessionTable',
      })
    }));

err (optional, default: () => {}) error logging, called with (message, error).

log (optional, default: () => {}) debug logging, called with (message).

region (required unless awsClient is set) aws region to use.

tableName (required) name of the dynamodb table to use.

endpoint (optional) override the aws endpoint, for example to use a local dynamodb for development.

awsClient (optional) override the aws dynamo db client, for testing or to use a pre-configured client.

autoCreate (optional, default: false) if the table does not exist in aws, then attempt to create it on init.

readCapacity (optional, default: 5) if autoCreate is true, and the table does not exist, then this setting is used to create the table. NOTE: this setting does not edit the capacity of a table that already exists.

writeCapacity (optional, default: 5) if autoCreate is true, and the table does not exist, then this setting is used to create the table. NOTE: this setting does not edit the capacity of a table that already exists.

consistentRead (optional, default: true) if this is set to false, then getting sessions is done with weak consistency, which will reduce your required ReadCapacityUnits, but may cause issues, especially if you have multiple instances of your node server connecting to the same table.

Docker and docker-compose are required to run tests, since we are using a local DynamoDB image for end-to-end testing:

    yarn lint
    yarn test
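How the ttl, touchAfter and cleanupInterval options described above interact, as an added in-memory model that is not the package's own code. ModelStore, expiresAt and shouldTouch are hypothetical names, and checking expiry on every read is an assumption of this model, not a statement about src/dynamo.js.

```javascript
// Added illustration, not the package's code: an in-memory model of the
// session expiry options. All names here are hypothetical.
const TWO_WEEKS = 1209600000; // documented ttl default, in milliseconds

// Expiry timestamp (ms): the cookie's expires value if it has one,
// otherwise now + ttl (the documented fallback).
function expiresAt(sess, now, ttl = TWO_WEEKS) {
  const cookieExpires = sess && sess.cookie && sess.cookie.expires;
  return cookieExpires ? new Date(cookieExpires).getTime() : now + ttl;
}

// touchAfter throttle: an unchanged session is written again only once at
// least touchAfter ms have passed since the last write; 0 means always write.
function shouldTouch(lastWrite, now, touchAfter = 10000) {
  return touchAfter === 0 || now - lastWrite >= touchAfter;
}

class ModelStore {
  constructor({ ttl = TWO_WEEKS, touchAfter = 10000 } = {}) {
    this.ttl = ttl;
    this.touchAfter = touchAfter;
    this.rows = new Map(); // id -> { sess, expires, lastWrite }
    this.writes = 0;       // stands in for consumed write capacity
  }
  set(id, sess, now) {
    this.rows.set(id, { sess, expires: expiresAt(sess, now, this.ttl), lastWrite: now });
    this.writes++;
  }
  touch(id, sess, now) {
    const row = this.rows.get(id);
    if (row && shouldTouch(row.lastWrite, now, this.touchAfter)) this.set(id, sess, now);
  }
  // Model assumption: reads check expiry themselves, so a stale row is not
  // served when the cleanup scan is disabled (0) or has not run yet.
  get(id, now) {
    const row = this.rows.get(id);
    return row && row.expires > now ? row.sess : null;
  }
  // One cleanup scan: delete every row whose expiry has passed.
  deleteExpired(now) {
    let removed = 0;
    for (const [id, row] of this.rows) {
      if (row.expires <= now) { this.rows.delete(id); removed++; }
    }
    return removed;
  }
}
```

In this model a throttled touch leaves the stored expiry up to touchAfter milliseconds behind the last request, and an expired row stays in the table until a cleanup scan removes it.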
The MIT License
FAQs
Connect session store for AWS DynamoDB
The npm package connect-dynamodb-session receives a total of 13 weekly downloads. As such, connect-dynamodb-session popularity was classified as not popular.
We found that connect-dynamodb-session demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.