🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

express-passport-session-tracker

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-passport-session-tracker

An Express middleware to track which sessions are associated with which Passport users.

0.0.2
latest
Source
npm
Version published
Weekly downloads
2
-33.33%
Maintainers
1
Weekly downloads
 
Created
Source

Express Passport Session Tracker

Build Statuscodecovdependencies StatusdevDependencies Statusnpm version

If you follow the recommendations for The OWASP Session Management Cheat Sheet, you'll notice that there's a suggestion that users be able to observe all of their logged in sessions.

Express-session only really cares about sessions. A user's account has potentially nothing to do with a session.

Passport requires that you use express-session (or a similar compatible mechanism) but tracking the mapping between session and user is beyond what it can handle at the moment.

This library bridges the gap between the two pieces. It stores a set data structure in Redis keyed off of the username and stores all of the session ID values as a member of the set. It collects the data by monkey-patching Passport's logIn and logOut function calls.

How do I use it?

To attach the middleware

var middleware = require('express-passport-session-tracker').middlware;
var redis = require('redis');
var client = redis.createClient();
var express = require('express');

// Set up an express app
var app = express();

app.use(middleware(client, options));

To get a list of sessions:

var queryForSessions = require('express-passport-session-tracker').queryForSessions;

queryForSessions(client, user, function(err, data) {
  if (err) {
    // Handle error
  }
  // data contains the list of sessions as an array
});

Contributing

  • npm run lint to lint
  • npm test to test
  • npm run coverage to check test coverage

If you've found a bug:

  • Submit away!

If you'd like to submit a PR:

  • I do not expect you to smash multiple commits into a single commit.
  • Unless you say otherwise, I'm assuming "maintainer-fixes" style of merging, where I fix any quibbles and potentially make minor tweaks. If you specify "maintainer-reviews", I'll maintain a list of things that I've identified for you to change.
  • If you've got a major patch in mind that's larger than an easily-mergable patch, you might consider writing up a blueprint describing what you want to do.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms -- see code of conduct

License?

BSD, see LICENSE.txt

Keywords

express
passport
connect
session

FAQs

Package last updated on 14 Aug 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Meet Socket at Black Hat and DEF CON 2025 in Las Vegas

Security News

Meet Socket at Black Hat and DEF CON 2025 in Las Vegas

Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.

By Sarah Gooding  -  Jul 12, 2025