Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
connect-redis
Advanced tools
The connect-redis npm package is a Redis session store for Express and Connect. It allows you to store session data in a Redis database, which can help with scaling applications by providing a centralized session store.
Basic Setup
This code demonstrates how to set up a basic Express application with connect-redis as the session store. It configures the session middleware to use Redis for storing session data.
const session = require('express-session');
const RedisStore = require('connect-redis')(session);
const express = require('express');
const app = express();
app.use(session({
store: new RedisStore({
host: 'localhost',
port: 6379
}),
secret: 'your secret',
resave: false,
saveUninitialized: false
}));
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
Custom Redis Client
This code demonstrates how to use a custom Redis client with connect-redis. This can be useful if you need to configure the Redis client with specific options or use an existing Redis client instance.
const session = require('express-session');
const RedisStore = require('connect-redis')(session);
const express = require('express');
const redis = require('redis');
const app = express();
const redisClient = redis.createClient({
host: 'localhost',
port: 6379
});
app.use(session({
store: new RedisStore({ client: redisClient }),
secret: 'your secret',
resave: false,
saveUninitialized: false
}));
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
Advanced Configuration
This code demonstrates advanced configuration options for connect-redis, such as setting the time-to-live (ttl) for sessions and enabling error logging.
const session = require('express-session');
const RedisStore = require('connect-redis')(session);
const express = require('express');
const app = express();
app.use(session({
store: new RedisStore({
host: 'localhost',
port: 6379,
ttl: 260,
logErrors: true
}),
secret: 'your secret',
resave: false,
saveUninitialized: false
}));
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
express-session is a general-purpose session middleware for Express. It supports various session stores, including in-memory, file-based, and database-backed stores. Unlike connect-redis, it does not provide a Redis-specific store out of the box but can be extended with other packages.
connect-mongo is a MongoDB session store for Express and Connect. It provides similar functionality to connect-redis but uses MongoDB as the backend store instead of Redis. It is useful for applications that already use MongoDB and want to keep session data in the same database.
express-mysql-session is a MySQL session store for Express. It provides similar functionality to connect-redis but uses MySQL as the backend store. It is useful for applications that use MySQL and want to store session data in a relational database.
connect-redis is a Redis session store backed by node_redis, and is insanely fast :). Requires redis >= 2.0.0
for the SETEX command.
npm install connect-redis express-session
Pass the express-session
store into connect-redis
to create a RedisStore
constructor.
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
app.use(session({
store: new RedisStore(options),
secret: 'keyboard cat'
}));
A Redis client is required. An existing client can be passed directly using the client
param or created for you using the host
, port
, or socket
params. - client
An existing client - host
Redis server hostname - port
Redis server portno - socket
Redis server unix_socket - url
Redis server url
The following additional params may be included:
ttl
Redis session TTL (expiration) in secondsdisableTTL
Disables setting TTL, keys will stay in redis until evicted by other means (overides ttl
)db
Database index to usepass
Password for Redis authenticationprefix
Key prefix defaulting to "sess:"unref
Set true
to unref the Redis client. Warning: this is an experimental feature.serializer
An object containing stringify
and parse
methods compatible with Javascript's JSON
to override the serializer usedlogErrors
Whether or not to log client errors. (default: false
)
true
, a default logging function (console.error
) is provided.false
, no logging occurs.Any options not included in this list will be passed to the redis createClient()
method directly.
Clients other than node_redis
will work if they support the same interface. Just pass the client instance as the client
configuration option. Known supported clients include:
By default, the node_redis
client will auto-reconnect when a connection is lost. But requests may come in during that time. In express, one way this scenario can be handled is including a "session check" after setting up a session (checking for the existence of req.session
):
app.use(session( /* setup session here */ ))
app.use(function (req, res, next) {
if (!req.session) {
return next(new Error('oh no')) // handle error
}
next() // otherwise continue
})
If you want to retry, here is another option.
MIT
FAQs
Redis session store for Connect
The npm package connect-redis receives a total of 381,341 weekly downloads. As such, connect-redis popularity was classified as popular.
We found that connect-redis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.