Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
connect-redis-sessions
Advanced tools
Is a connect or express middleware to simply use the redis sessions. With redis sessions you can handle multiple sessions per user_id.
// get the modules
var express = require( "express" );
var cookieParser = require( "cookie-parser" );
var ConnectRedisSessions = require( "connect-redis-sessions" );
var app = express();
// configute express
app
.use( express.query() )
.use( cookieParser() )
.use( ConnectRedisSessions( { app: "myappname" } ) )
// listen for requests
app.use( function( req, res ){
if( req.query.login ){
// upgrade a session to a redis session by a user id
req.session.upgrade( req.query.user_id );
}
if( req.sessin.id && req.query.logout ){
// kill the active session
req.session.destroy();
}
res.end( "Hello express redis sessions" );
});
npm install connect-redis-sessions
var ConnectRedisSessions = require( "connect-redis-sessions" );
var app = require( "express" )();
app.use( express.cookieParser() );
app.use( ConnectRedisSessions( { app: "myappname" } ) );
Attension:
If you're using Express < 4.x then please use version 0.x
otherwise use version 1.x
of connect-redis-sessions
.
It schould work with connect and the older Express, but there could be eventual issues due to the new Express 4.x api behaviour i haven't found yet.
ConnectRedisSessions( options )
To init the session handling just add the options object as argument.
String|Function
required )
A simple string as appname or a function to calc the name on every request.
The function addes to arguments req
and callback
._getAppName = function( req, callback ){ callback( null, "staticname" ) };
Object
)
Cookie configuration. If nothing is set a browser session cookie will be used.
Number
)
The maximum age of the generated cookie.String
, default = /
)
The cookie pathString
, default = true )Boolean
, default = false
)
Only accept https cookiesNumber
, default = 6379
)
Redis portString
, default = 127.0.0.1
)
Redis hostString
, default = rs
)
The namespace prefix for all Redis keys used by the redis session module.Number
, default = 600
)
The interval in second after which the timed out redis sessions are wiped. No value less than 10 allowed.Number
, default = 7200
)
Redis session timeout to wipe the session on idle time. Must be over 10
. If you set a value < 10
the module will use 10
instead.Number
, default = 0
)
Number of seconds to cache sessions in memory. See the "Cache" section in redis-sessions.After you have initializes the session handling every connect/express request object will contain a key called session
.
Within this Object you cann save rudimental keys of types String
, Number
and Boolean
.
These keys will be saved at the end of the request and will be availible within the next request.
And there are some additional methods and metadata
String
)
Your session tokenObject
)
Just a small helper to get all data woithin the session without handling the properties and method names. All keys under req.session.d[ ? ]
will also be availible under req.session[ ? ]
Object
)
Contains the redis sessions meta data.
String|Number
)
the global user idNumber
)
the session read countNumber
)
the session write countNumber
)
the session idle timeNumber
)
the session ttlreq.session.upgrade( user_id [, ttl ][, cb] )
upgrade a empty session to a real redis session by upgrading the session with the user_id.
Arguments
user_id
: ( String|Number
required ): The user id this session should belong to.ttl
: ( Number
optional; default = options.ttl
): Optinal ttl for this session. If not set the ttl defined in options would be used. Must be over 10
. If you set a value < 10
the module will use 10
instead.cb
: ( Function
optional ): Callback method with the results.req.session.soid( [ dt,] cb )
Get all session of the logged in id.
Arguments
cb
: ( Function
): Callback method with the results.req.session.soapp( [ dt,] cb )
Get all session of an app.
Arguments
dt
: ( Function
default = 600
): Get the app session history back in seconds.cb
: ( Function
): Callback method with the results.req.session.activity( [ dt,] cb )
Query the amount of active session within the last 10 minutes (600 seconds).
Arguments
dt
: ( Function
default = 600
): Get the app activity history back in seconds.cb
: ( Function
): Callback method with the results.req.session.destroy( [ cb ] )
Kill the current active session
Arguments
cb
: ( Function
optional ): Callback method.req.session.destroyall( [ cb ] )
Kill ALL session of the given user_id.
Arguments
cb
: ( Function
optional ): Callback method.req.session.save( [ cb ] )
Changed session data will allways be saved at the end of a request. But with this method you can force the saving of the session object to redis-sessions.
Arguments
cb
: ( Function
optional ): Callback method.req.session.reload( [ cb ] )
Reload the session from redis sessions
Arguments
cb
: ( Function
optional ): Callback method.req.session.getRedisSessionsModule()
Will return the internal instance of RedisSessions. You can use this to handle sessions of other users.
Returns
( RedisSessions
): The raw redis sessions module.
// get the modules
var express = require( "express" );
var cookieParser = require( "cookie-parser" );
var bodyParser = require( "body-parser" );
var logger = require( "morgan" );
var ConnectRedisSessions = require( "connect-redis-sessions" );
var app = express();
// get the appname by the first part of the url
var _getAppName = function(req, cb) {
var appname;
appname = req._parsedUrl.pathname.split("/")[1];
if (appname != null) {
cb(null, appname);
} else {
// if nothing is returned a empty session will be availible
cb(null);
}
};
fnCRS = ConnectRedisSessions( { app: _getAppName, ttl: _timeSecDay, cookie: { maxAge: _timeSecDay * 1000 } } );
// configute express
_timeSecDay = 60 * 60 * 24
app
.use( logger( "dev" ) )
.use( express.query() )
.use( bodyParser() )
.use( cookieParser() )
.use( fnCRS )
// an example how to get the internal redis-sessions instance out of the connect-redis-sessions module
redisSessionsInstance = fnCRS.handler.rds;
// listen for requests
app.use( function( req, res ){
console.log( req.session );/*
{
"id": null,
"d": {}
}
*/
res.end( "no knwon user" );
});
// listen for requests
app.use( function( req, res ){
if( req.session.id == void( 0 ) ){
res.end( "user not logged in" );
} else {
res.end( "user " + req.session._meta.id + " is logged in" );
}
});
// listen for requests
app.use( function( req, res ){
var user_id = "myuser_id" // code to get your user_id
req.session.upgrade( user_id, req.query.sessionttl, function(){
console.log( req.session );/*
{
"id": "myuser_id",
"d": {},
"_meta": {
"id": "myuser_id",
"r": 1,
"w": 1,
"ttl": 86400,
"idle": 0
}
}
*/
res.end( "user " + user_id + " has logged in" );
});
});
// listen for requests
app.use( function( req, res ){
req.session.meaning = 42;
req.session.foo = "bar";
console.log( req.session );/*
{
"id": "myuser_id",
"meaning": 42,
"foo": "bar",
"d": {
"meaning": 42,
"foo": "bar"
},
"_meta": {
"id": "myuser_id",
"r": 2,
"w": 1,
"ttl": 86400,
"idle": 10
}
}
*/
res.end( "data written to session" );
});
// listen for requests
app.use( function( req, res ){
res.end( "session data " + req.session.foo + " says " + req.session.meaning );
});
// listen for requests
app.use( function( req, res ){
req.session.soid( function( err, sessions ){
if( err ){
res.end( "ERROR" );
return
}
res.end( JSON.stringify( sessions ) );/*
[{
id: 'myuser_id',
r: 3,
w: 2,
ttl: 86400,
idle: 10
},
{
id: 'myuser_id',
r: 1,
w: 1,
ttl: 7200,
idle: 56040
}]
*/
});
});
// listen for requests
app.use( function( req, res ){
req.session.destroy()
});
Version | Date | Description |
---|---|---|
v2.0.0 | 2018-12-10 | updated deps + removed support for node < 6 |
v1.3.2 | 2016-07-26 | Fixed #13 to prevent error output invalidValue: d |
v1.3.1 | 2016-07-26 | Fixed configurations of automated tests by travis and appveyor |
v1.3.0 | 2016-07-25 | Updated dev env. and added mocha tests |
v1.2.0 | 2014-11-28 | Added ttl to upgrade method + Issues by thynson |
v1.0.3 | 2014-09-11 | Added return of sessionhandler object on initialisation |
v1.0.2 | 2014-04-25 | Small bugfix for cookie handling |
v1.0.1 | 2014-03-17 | Updated readme with external express/connect middleware |
v1.0.0 | 2014-03-17 | fixed cookie set for express 4.x |
v0.2.0 | 2014-03-07 | express 0.4.0 support |
v0.1.5 | 2013-12-04 | Added method SessionObject.getRedisSessionsModule() to receive the internal redis session instance |
v0.1.4 | 2013-11-20 | Fixed No d supplied error on upgrade |
v0.1.3 | 2013-10-15 | Fixed error on missing callback |
v0.1.2 | 2013-10-15 | Added example check for a logged in user to readme |
v0.1.1 | 2013-10-15 | Fixed module to be compatible with express and changed readme examples from connect to express |
v0.1.0 | 2013-10-04 | Initial commit |
Name | Description |
---|---|
redis-sessions | The redis session module this middleware module is based on |
tcs_node_auth | Authentication module to handle login and register with a integrated mail double-opt-in logic. |
Name | Description |
---|---|
node-cache | Simple and fast NodeJS internal caching. Node internal in memory cache like memcached. |
rsmq | A really simple message queue based on redis |
redis-heartbeat | Pulse a heartbeat to redis. This can be used to detach or attach servers to nginx or similar problems. |
systemhealth | Node module to run simple custom checks for your machine or it's connections. It will use redis-heartbeat to send the current state to redis. |
rsmq-cli | a terminal client for rsmq |
rest-rsmq | REST interface for. |
nsq-logger | Nsq service to read messages from all topics listed within a list of nsqlookupd services. |
nsq-topics | Nsq helper to poll a nsqlookupd service for all it's topics and mirror it locally. |
nsq-nodes | Nsq helper to poll a nsqlookupd service for all it's nodes and mirror it locally. |
nsq-watch | Watch one or many topics for unprocessed messages. |
connect-redis-sessions | A connect or express middleware to simply use the redis sessions. With redis sessions you can handle multiple sessions per user_id. |
redis-notifications | A redis based notification engine. It implements the rsmq-worker to safely create notifications and recurring reports. |
hyperrequest | A wrapper around hyperquest to handle the results |
task-queue-worker | A powerful tool for background processing of tasks that are run by making standard http requests |
soyer | Soyer is small lib for server side use of Google Closure Templates with node.js. |
grunt-soy-compile | Compile Goggle Closure Templates ( SOY ) templates including the handling of XLIFF language files. |
backlunr | A solution to bring Backbone Collections together with the browser fulltext search engine Lunr.js |
domel | A simple dom helper if you want to get rid of jQuery |
obj-schema | Simple module to validate an object by a predefined schema |
Copyright © 2013 Mathias Peter, http://www.tcs.de
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Session store using redis-sessions for Connect
We found that connect-redis-sessions demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.