Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

express-passport-session-tracker

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-passport-session-tracker

An Express middleware to track which sessions are associated with which Passport users.

  • 0.0.2
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
1
Created
Source

Express Passport Session Tracker

Build Statuscodecovdependencies StatusdevDependencies Statusnpm version

If you follow the recommendations for The OWASP Session Management Cheat Sheet, you'll notice that there's a suggestion that users be able to observe all of their logged in sessions.

Express-session only really cares about sessions. A user's account has potentially nothing to do with a session.

Passport requires that you use express-session (or a similar compatible mechanism) but tracking the mapping between session and user is beyond what it can handle at the moment.

This library bridges the gap between the two pieces. It stores a set data structure in Redis keyed off of the username and stores all of the session ID values as a member of the set. It collects the data by monkey-patching Passport's logIn and logOut function calls.

How do I use it?

To attach the middleware

var middleware = require('express-passport-session-tracker').middlware;
var redis = require('redis');
var client = redis.createClient();
var express = require('express');

// Set up an express app
var app = express();

app.use(middleware(client, options));

To get a list of sessions:

var queryForSessions = require('express-passport-session-tracker').queryForSessions;

queryForSessions(client, user, function(err, data) {
  if (err) {
    // Handle error
  }
  // data contains the list of sessions as an array
});

Contributing

  • npm run lint to lint
  • npm test to test
  • npm run coverage to check test coverage

If you've found a bug:

  • Submit away!

If you'd like to submit a PR:

  • I do not expect you to smash multiple commits into a single commit.
  • Unless you say otherwise, I'm assuming "maintainer-fixes" style of merging, where I fix any quibbles and potentially make minor tweaks. If you specify "maintainer-reviews", I'll maintain a list of things that I've identified for you to change.
  • If you've got a major patch in mind that's larger than an easily-mergable patch, you might consider writing up a blueprint describing what you want to do.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms -- see code of conduct

License?

BSD, see LICENSE.txt

Keywords

FAQs

Package last updated on 14 Aug 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Bun 1.2 Released with 90% Node.js Compatibility and Built-in S3 Object Support

Security News

Bun 1.2 Released with 90% Node.js Compatibility and Built-in S3 Object Support

Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.

By Sarah Gooding  -  Jan 22, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc