🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

connect-mongodb-session

Package Overview
Dependencies
Maintainers
1
Versions
41
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

connect-mongodb-session

MongoDB session store for connect/express built by MongoDB

5.0.0
latest
Source
npm
Version published
Maintainers
1
Created
Source

connect-mongodb-session

MongoDB-backed session storage for connect and Express. Meant to be a well-maintained and fully-featured replacement for modules like connect-mongo

Build Status Coverage Status

MongoDBStore

This module exports a single function which takes an instance of connect (or Express) and returns a MongoDBStore class that can be used to store sessions in MongoDB.

It can store sessions for Express 4

If you pass in an instance of the express-session module the MongoDBStore class will enable you to store your Express sessions in MongoDB.

The MongoDBStore class has 3 required options:

  • uri: a MongoDB connection string
  • databaseName: the MongoDB database to store sessions in
  • collection: the MongoDB collection to store sessions in

Note: You can pass a callback to the MongoDBStore constructor, but this is entirely optional. The Express 3.x example demonstrates that you can use the MongoDBStore class in a synchronous-like style: the module will manage the internal connection state for you.

var express = require('express');
var session = require('express-session');
var MongoDBStore = require('connect-mongodb-session')(session);

var app = express();
var store = new MongoDBStore({
  uri: 'mongodb://127.0.0.1:27017/connect_mongodb_session_test',
  collection: 'mySessions'
});

// Catch errors
store.on('error', function(error) {
  console.log(error);
});

app.use(require('express-session')({
  secret: 'This is a secret',
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
  },
  store: store,
  // Boilerplate options, see:
  // * https://www.npmjs.com/package/express-session#resave
  // * https://www.npmjs.com/package/express-session#saveuninitialized
  resave: true,
  saveUninitialized: true
}));

app.get('/', function(req, res) {
  res.send('Hello ' + JSON.stringify(req.session));
});

server = app.listen(3000);

It throws an error when it can't connect to MongoDB

You should pass a callback to the MongoDBStore constructor to catch errors. If you don't pass a callback to the MongoDBStore constructor, MongoDBStore will throw if it can't connect.

var express = require('express');
var session = require('express-session');
var MongoDBStore = require('connect-mongodb-session')(session);

var app = express();
var store = new MongoDBStore(
  {
    uri: 'mongodb://bad.host:27000/connect_mongodb_session_test?connectTimeoutMS=10',
    databaseName: 'connect_mongodb_session_test',
    collection: 'mySessions'
  },
  function(error) {
    // Should have gotten an error
  });

store.on('error', function(error) {
  // Also get an error here
});

app.use(session({
  secret: 'This is a secret',
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
  },
  store: store,
  // Boilerplate options, see:
  // * https://www.npmjs.com/package/express-session#resave
  // * https://www.npmjs.com/package/express-session#saveuninitialized
  resave: true,
  saveUninitialized: true
}));

app.get('/', function(req, res) {
  res.send('Hello ' + JSON.stringify(req.session));
});

server = app.listen(3000);

It supports several other options

There are several other options you can pass to new MongoDBStore():

var express = require('express');
var session = require('express-session');
var MongoDBStore = require('connect-mongodb-session')(session);

var store = new MongoDBStore({
  uri: 'mongodb://127.0.0.1:27017/connect_mongodb_session_test',
  collection: 'mySessions',

  // By default, sessions expire after 2 weeks. The `expires` option lets
  // you overwrite that by setting the expiration in milliseconds
  expires: 1000 * 60 * 60 * 24 * 30, // 30 days in milliseconds

  // Lets you set options passed to `MongoClient.connect()`. Useful for
  // configuring connectivity or working around deprecation warnings.
  connectionOptions: {
    serverSelectionTimeoutMS: 10000
  }
});

Azure Cosmos MongoDB support

It can support MongoDB instances inside Azure Cosmos. As Cosmos can only support time-based index on fields called _ts, you will need to update your configuration. Unlike in MongoDB, Cosmos starts the timer at the point of document creation so the expiresAfterSeconds should have the same value as expires - as expires is in milliseconds, the expiresAfterSeconds must equal expires / 1000.


var express = require('express');
var session = require('express-session');
var MongoDBStore = require('connect-mongodb-session')(session);

var store = new MongoDBStore({
  uri: 'mongodb://username:password@cosmosdb-name.mongo.cosmos.azure.com:10255/?ssl=true&replicaSet=globaldb&retrywrites=false&maxIdleTimeMS=120000&appName=@cosmosdb-name@', 
  databaseName: 'myDb',
  collection: 'mySessions',

  // Change the expires key name
  expiresKey: `_ts`,
  // This controls the life of the document - set to same value as expires / 1000
  expiresAfterSeconds: 60 * 60 * 24 * 14 
});

Keywords

connect
mongo
mongodb
session
express

FAQs

Package last updated on 25 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Meet Socket at Black Hat and DEF CON 2025 in Las Vegas

Security News

Meet Socket at Black Hat and DEF CON 2025 in Las Vegas

Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.

By Sarah Gooding  -  Jul 12, 2025