Socket
Socket
Sign inDemoInstall

connect-redis

Package Overview
Dependencies
11
Maintainers
3
Versions
69
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

connect-redis

Redis session store for Connect


Version published
Maintainers
3
Weekly downloads
439,619
decreased by-6.87%

Weekly downloads

Readme

Source

Build Status npm code-style Downloads

connect-redis provides Redis session storage for Express.

Installation

connect-redis requires express-session to installed and one of the following compatible Redis clients:

Install with redis:

npm install redis connect-redis express-session

Install with ioredis:

npm install ioredis connect-redis express-session

Importing

connect-redis supports both CommonJS (require) and ESM (import) modules.

Import using ESM/Typescript:

import RedisStore from "connect-redis"

Require using CommonJS:

const RedisStore = require("connect-redis").default

API

Full setup using redis package:

import RedisStore from "connect-redis"
import session from "express-session"
import {createClient} from "redis"

// Initialize client.
let redisClient = createClient()
redisClient.connect().catch(console.error)

// Initialize store.
let redisStore = new RedisStore({
  client: redisClient,
  prefix: "myapp:",
})

// Initialize session storage.
app.use(
  session({
    store: redisStore,
    resave: false, // required: force lightweight session keep alive (touch)
    saveUninitialized: false, // recommended: only save session when data exists
    secret: "keyboard cat",
  }),
)

RedisStore(options)

Options
client

An instance of redis or ioredis.

prefix

Key prefix in Redis (default: sess:).

Note: This prefix appends to whatever prefix you may have set on the client itself.

Note: You may need unique prefixes for different applications sharing the same Redis instance. This limits bulk commands exposed in express-session (like length, all, keys, and clear) to a single application's data.

ttl

If the session cookie has a expires date, connect-redis will use it as the TTL.

Otherwise, it will expire the session using the ttl option (default: 86400 seconds or one day).

interface RedisStoreOptions {
  ...
  ttl?: number | {(sess: SessionData): number}
}

ttl also has external callback support. You can use it for dynamic TTL generation. It has access to session data.

Note: The TTL is reset every time a user interacts with the server. You can disable this behavior in some instances by using disableTouch.

Note: express-session does not update expires until the end of the request life cycle. Calling session.save() manually beforehand will have the previous value.

disableTouch

Disables resetting the TTL when using touch (default: false)

The express-session package uses touch to signal to the store that the user has interacted with the session but hasn't changed anything in its data. Typically, this helps keep the users session alive if session changes are infrequent but you may want to disable it to cut down the extra calls or to prevent users from keeping sessions open too long. Also consider enabling if you store a lot of data on the session.

Ref: https://github.com/expressjs/session#storetouchsid-session-callback

disableTTL

Disables key expiration completely (default: false)

This option disables key expiration requiring the user to manually manage key cleanup outside of connect-redis. Only use if you know what you are doing and have an exceptional case where you need to manage your own expiration in Redis.

Note: This has no effect on express-session setting cookie expiration.

serializer

Provide a custom encoder/decoder to use when storing and retrieving session data from Redis (default: JSON.parse and JSON.stringify).

Optionally parse method can be async if need be.

interface Serializer {
  parse(string): object | Promise<object>
  stringify(object): string
}
scanCount

Value used for count parameter in Redis SCAN command. Used for ids() and all() methods (default: 100).

Keywords

FAQs

Last updated on 22 Jan 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc