koa-session
Advanced tools
koa-session is a session middleware for Koa, a popular web framework for Node.js. It provides a way to manage user sessions, including storing session data, setting session cookies, and handling session expiration.
Basic Session Setup
This code sets up a basic Koa application with session management. It configures the session middleware with various options like cookie key, max age, and httpOnly flag. The middleware is then used to track the number of views for each session.
const Koa = require('koa');
const session = require('koa-session');
const app = new Koa();
app.keys = ['some secret hurr'];
const CONFIG = {
key: 'koa:sess', // cookie key (default is koa:sess)
maxAge: 86400000, // cookie's max age in ms (1 day)
autoCommit: true, // automatically commit headers (default true)
overwrite: true, // can overwrite or not (default true)
httpOnly: true, // httpOnly or not (default true)
signed: true, // signed or not (default true)
rolling: false, // Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown.
renew: false, // renew session when session is nearly expired, so we can always keep user logged in.
};
app.use(session(CONFIG, app));
app.use(ctx => {
if (ctx.path === '/favicon.ico') return;
let n = ctx.session.views || 0;
ctx.session.views = ++n;
ctx.body = n + ' views';
});
app.listen(3000);Custom Session Store
This code demonstrates how to use a custom session store with koa-session. The custom store is implemented using a simple in-memory Map. The store object provides methods for getting, setting, and destroying session data.
const Koa = require('koa');
const session = require('koa-session');
const app = new Koa();
app.keys = ['some secret hurr'];
const store = {
storage: new Map(),
get(key) {
return this.storage.get(key);
},
set(key, sess) {
this.storage.set(key, sess);
},
destroy(key) {
this.storage.delete(key);
}
};
const CONFIG = {
store,
};
app.use(session(CONFIG, app));
app.use(ctx => {
if (ctx.path === '/favicon.ico') return;
let n = ctx.session.views || 0;
ctx.session.views = ++n;
ctx.body = n + ' views';
});
app.listen(3000);Session Regeneration
This code shows how to regenerate a session in koa-session. When the user accesses the '/regenerate' path, the session is regenerated, which can be useful for security purposes, such as after a user logs in.
const Koa = require('koa');
const session = require('koa-session');
const app = new Koa();
app.keys = ['some secret hurr'];
const CONFIG = {};
app.use(session(CONFIG, app));
app.use(async ctx => {
if (ctx.path === '/favicon.ico') return;
if (ctx.path === '/regenerate') {
await ctx.regenerateSession();
ctx.body = 'Session regenerated';
} else {
let n = ctx.session.views || 0;
ctx.session.views = ++n;
ctx.body = n + ' views';
}
});
app.listen(3000);express-session is a session middleware for Express, another popular web framework for Node.js. It provides similar functionalities to koa-session, such as session storage, cookie management, and session expiration. However, it is designed to work with Express rather than Koa.
cookie-session is a lightweight session middleware that stores session data in cookies rather than on the server. This can be useful for small session data and simplifies the setup by not requiring a session store. It works with both Koa and Express.
koa-generic-session is another session middleware for Koa. It provides more flexibility and customization options compared to koa-session, such as support for different session stores and more advanced session management features.
Simple cookie-based session middleware for Koa.
$ npm install koa-session
View counter example:
var session = require('koa-session');
var koa = require('koa');
var app = koa();
app.keys = ['some secret hurr'];
app.use(session(app));
app.use(function *(){
// ignore favicon
if (this.path === '/favicon.ico') return;
var n = this.session.views || 0;
this.session.views = ++n;
this.body = n + ' views';
})
app.listen(3000);
console.log('listening on port 3000');
For Koa 2, use koa-convert to convert the session middleware :
const koa = require('koa');
const session = require('koa-session')
const convert = require('koa-convert');
const app = new koa();
app.use(convert(session(app)));
// codes
This module provides "guest" sessions, meaning any visitor will have a session, authenticated or not. If a session is new a Set-Cookie will be produced regardless of populating the session.
The cookie name is controlled by the key option, which defaults
to "koa:sess". All other options are passed to ctx.cookies.get() and
ctx.cookies.set() allowing you to control security, domain, path,
and signing among other settings.
encode/decode SupportUse options.encode and options.decode to customize your own encode/decode methods.
valid(): valid session value before use itbeforeSave(): hook before save sessionReturns true if the session is new.
Get cookie's maxAge.
Set cookie's maxAge.
To destroy a session simply set it to null:
this.session = null;
This module only supports cookie sessions. There are many other modules listed in koa's wiki for sessions that use database storage. Unlike Connect 2.x's session middleware, there is no main "session" middleware that you plugin different stores - each store is a completely different module.
If you're interested in creating your own koa session store, feel free to fork/extend this repository and add additional tests. At a minimum, it should pass this repositories' tests that apply. Ideally, there would be a central repository with specifications and tests for all koa sessions, which would allow interoperability and consistency between session modules. If you're interested in working on such a project, let us know!
MIT
FAQs
Koa cookie session middleware with external store support
The npm package koa-session receives a total of 163,678 weekly downloads. As such, koa-session popularity was classified as popular.
We found that koa-session demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.