express-session-lw

express-session-lw

Lightweight Session management middleware for ExpressJS with garbage collection of timeout session keys.

Follow this project on github for the newest releases and updates.

Why another session middleware?

Beause express-session middleware has purposely made it's Memorystore to leak. express-Session-lw doesn't leak and has automatic hoovering of idle session keys.

Dont take my word for it:

(quote from express-session doc) Warning The default server-side session storage, Memory Store , is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.

Features

• Keys are stored in memory.

• Garbage collection runs at specified user configurable intervals.

• Can co-exist with CookieParser middle-ware.

• Per session settable idle time.

• Timeout session keys are automatically replaced by new ones , and an empty session store is associated with the new key.

Install

  npm install --save express-session-lw

API

functions exported by the module

function	arguments	description
this	options object (see next section)	Initialize middle-ware
gc	none	garbage collector, you can call it explicitly
getSessionData	key (user session key)	fetch the session data object belonging to a session key

Initializing

const express = require('express');

var app = express();

const express_session_lw = require('express-session-lw');



app.use ( express_session_lw( options ) );
.

Options object properties

Property name	Description	Default Value
debug	Will show tracing/logging info via console.log	false
globalTimeOut	The time for a session to be idle (no browser activity) before the session key is discarded	30 (seconds)
garbageCollect	garbage collector interval to hoover up , timed out session keys	500 (seconds)
sessionKeyName	The name of the cookie to be used as session key	"lw_session_id"

Basic usage

const express = require('express');

var app = express();

const express_session_lw = require('express-session-lw');

const session_middleware = express_session_lw({
    debug:false,          
     // clean up session keys that have been idle for 3 hours
    globalTimeOut:3600*3,
    // garbage collect timed-out session keys every 60 seconds
    garbageCollect: 60,
    // name of the cookie to hold the session key
    sessionKeyName:"__SESSION_LW"    
});

app.use(session_middleware);

Example use of garbage collector and session data fetch outside of express middleware.

// explicity call the garbage collector
express_session_lw.gc();
// fetch from global memory store,
// the session related storage object using the session key.
var session_data = express_session_lw.getSessionData( key );

Request.session_data

The object property session_data is automatically added to the request object, with the following properties

property name	Description
key	key value as (string)
last_access	integer unix timestamp of the last time this session key was used.

Adjust max idle time on a per session basis

Add the property timeout to the request object and will override globalTimeOut in the option object used to initialize the middleware

Adding data to the session:

Just add your own custom properties to the request.session_data object.

app.get("/login" , function (req, send, next) {
  ..
  ..
  // these properties always exist,
  console.log(req.session_data.key); // print out my session key
  console.log(req.session_data.last_access); // print out the last usage

  // add new session properties
  req.session_data.shopcart = [ 'item1', 'item2','item3'];
  ..
  ..
});