hapi-server-session-next
Advanced tools
Simple server-side session support for hapi
$ npm install hapi-server-session-next
'use strict';
const hapi = require('@hapi/hapi');
const main = async () => {
const server = new hapi.Server({
host: 'localhost',
address: '127.0.0.1',
port: 8000,
});
await server.register({
plugin: require('hapi-server-session-next'),
options: {
cookie: {
isSecure: false, // never set to false in production
},
},
});
server.route({
method: 'GET',
path: '/',
handler: (request, _h) => {
request.session.views = request.session.views + 1 || 1;
return 'Views: ' + request.session.views;
},
});
await server.start();
};
main().catch(console.error);
algorithm: [Default: 'sha256'] algorithm to use during signingcache: supports the same options as server.cache(options)
expiresIn: [Default: session expiresIn if set or 2147483647] session cache expiration in millisecondssegment: [Default: 'session'] session cache segmentcookie: supports the same options as server.state(name, [options])
isSameSite: [Default: 'Lax'] sets the SameSite flagpath: [Default: '/'] sets the Path flagttl: [Default: session expiresIn if set] sets the Expires and Max-Age flagsexpiresIn: session expiration in millisecondsname: [Default: 'id'] name of the cookiekey: signing key. Prevents weaknesses in randomness from affecting overall securitysize: [Default: 16] number of random bytes in the session idvhost: [Default: *] host or list of hosts that plugin should be enabled forexpiresIn and ttl options do?When the session expiresIn is not set, the cookie ttl is not set and the cache expiresIn is 2147483647. This creates a true session cookie, i.e. one that is deleted when the browser is closed, but will last forever otherwise. This is the default with no configuration.
When the session expiresIn is set, it defaults both the cookie ttl and the cache expiresIn to the same value. This creates a session that will last expiresIn milliseconds. Even if the cookie ttl is ignored by the browser, the server-side cache will expire.
More complex configurations are possible. For example, when the session expiresIn is set and the cookie ttl is explicitly set to null, a session will last until the browser is closed, but no longer than expiresIn milliseconds.
delete request.session;
will unset the cookie and delete the session from the cache.
FAQs
Simple server-side session support for hapi
We found that hapi-server-session-next demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.