Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

next-session

Package Overview
Dependencies
Maintainers
1
Versions
37
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

next-session

Simple promise-based session middleware for Next.js

  • 3.0.0
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
4.4K
decreased by-40.77%
Maintainers
1
Weekly downloads
 
Created
Source

next-session

npm minified size CircleCI codecov PRs Welcome

Simple promise-based session middleware for Next.js.

Installation

// NPM
npm install next-session
// Yarn
yarn add next-session

Usage

:point_right: Upgrading from v1.x to v2.x? Please read the release notes here!

:point_right: Upgrading from v2.x to v3.x? Please read the release notes here!

next-session has several named exports:

  • session to be used as a Connect/Express middleware.
  • withSession to be used as higher order component or API Routes wrapper.
  • applySession, to manually initialize next-session by providing req and res.

Use one of them to work with next-session.

{ session }

This is next-session as a Connect middleware. Thus, you can also use it in Express.js.

import { session } from 'next-session';

app.use(session({ ...options }));

One way to use this in Next.js is through next-connect.

{ withSession }

Named import withSession from next-session.

import { withSession } from 'next-session';
API Routes
function handler(req, res) {
  req.session.views = req.session.views ? req.session.views + 1 : 1;
  res.send(
    `In this session, you have visited this website ${req.session.views} time(s).`
  );
}
export default withSession(handler, opts);
Pages (getInitialProps)

Note: This usage is not recommended. next@>9.3.0 recommends using getServerSideProps instead of getInitialProps.

You can use next-session in getInitialProps. This will work on server only (first render).

function Page({ views }) {
  return (
    <div>In this session, you have visited this website {views} time(s).</div>
  );
}

Page.getInitialProps = ({ req }) => {
  let views;
  if (typeof window === 'undefined') {
    // req.session is only available on server-side.
    req.session.views = req.session.views ? req.session.views + 1 : 1;
    views = req.session.views;
  }
  // WARNING: On client-side routing, neither req nor req.session is available.
  return { views };
};

export default withSession(Page, opts);

If you want session to always be available, consider using { applySession } in getServerSideProps.

{ applySession }

applySession is the internal function used by both withSession and session to handle session in req and res. It returns a promise when session is set up in req.session.

import { applySession } from "next-session";
/* ... */
await applySession(req, res, opts);
// do whatever you need with req and res after this
API Routes
export default async function handler(req, res) {
  await applySession(req, res, opts);
  res.send(
    `In this session, you have visited this website ${req.session.views} time(s).`
  );
}
Pages (getServerSideProps)

You can use next-session in getServerSideProps.

export default function Page(props) {
  return (
    <div>In this session, you have visited this website {views} time(s).</div>
  );
}

export async function getServerSideProps({ req, res }) {
  await applySession(req, res, opts);
  req.session.views = req.session.views ? req.session.views + 1 : 1;
  return {
    props: {
      views: req.session.views
    }
  }
}

API

options

Regardless of the above approaches, to avoid bugs, you want to reuse the same options to in every route. For example:

// Define the option only once
// lib/session.js
export const option = { ...someOptions };

// Always import it at other places
// pages/index.js
import { option } from '../lib/session';
/* ... */
export withSession(Page, options);
// pages/api/index.js
import { option } from '../../lib/session';
export default withSession(handler, option);

next-session accepts the properties below.

optionsdescriptiondefault
nameThe name of the cookie to be read from the request and set to the response.sid
storeThe session store instance to be used.MemoryStore
genidThe function that generates a string for a new session ID.nanoid
touchAfterOnly touch (extend session lifetime despite no modification) after an amount of time to decrease database load. Setting the value to -1 will disable touch().0 (Touch every time)
rollingExtends the life time of the cookie in the browser if the session is touched. This respects touchAfter.false
autoCommitAutomatically commit session. Disable this if you want to manually session.commit()true
cookie.secureSpecifies the boolean value for the Secure Set-Cookie attribute.false
cookie.httpOnlySpecifies the boolean value for the httpOnly Set-Cookie attribute.true
cookie.pathSpecifies the value for the Path Set-Cookie attribute./
cookie.domainSpecifies the value for the Domain Set-Cookie attribute.unset
cookie.sameSiteSpecifies the value for the SameSite Set-Cookie attribute.unset
cookie.maxAge(in seconds) Specifies the value for the Max-Age Set-Cookie attribute.unset (Browser session)

req.session

This allows you to set or get a specific value that associates to the current session.

//  Set a value
if (loggedIn) req.session.user = 'John Doe';
//  Get a value
const currentUser = req.session.user; // "John Doe"

req.session.destroy()

Destroy to current session and remove it from session store.

if (loggedOut) req.session.destroy();

req.session.commit()

Save the session and set neccessary headers and return Promise. Use this if autoCommit is set to false.

req.session.id

The unique id that associates to the current session.

Session Store

The session store to use for session middleware (see options above).

Implementation

A compatible session store must include three functions: set(sid), get(sid), and destroy(sid). The function touch(sid, session) is recommended. All functions must return Promises (callbacks are not supported). This means many Express/Connect stores are not supported as it. To use them, wrap them with promisifyStore:

import { promisifyStore, withSession } from "next-session";
import ExpressSessionStore from "some-callback-store";
const options = {
  // ...
  store: promisifyStore(new ExpressSessionStore({ ...storeOptions }))
};
// ...
withSession(handler, options);

The store may emit store.emit('disconnect') or store.emit('connect') to inform its readiness. (only works with { session }, Connect middleware version)

Contributing

Please see my contributing.md.

License

MIT

Keywords

FAQs

Package last updated on 12 Mar 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction

Security News

Research

Malicious npm Package Exploits WhatsApp Authentication with Remote Kill Switch for File Destruction

A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.

By Kush Pandya  -  Nov 15, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc