NodeSession
Since HTTP driven applications are stateless, sessions provide a way to store information about the user across requests.
NodeSession ships with a variety of session back-ends available for use through a clean, unified API. Support for
back-ends such as File and databases is included out of the box.
Installation
The source is available for download from GitHub. Alternatively, you
can install using Node Package Manager (npm):
npm install node-session
Session Usage
Initialization
var NodeSession = require('node-session');
session = new NodeSession({secret: 'Q3UBzdH9GEfiRCTKbi5MTPyChpzXLsTD'});
session.startSession(req, res, callback)
Accessing sessions
The session can be accessed via the HTTP request's session property.
Storing An Item In The Session
req.session.put('key', 'value');
Push A Value Onto An Array Session Value
req.session.push('user.teams', 'developers');
Retrieving An Item From The Session
var value = req.session.get('key');
Retrieving An Item Or Returning A Default Value
var value = req.session.get('key', 'default');
Retrieving An Item And Forgetting It
var value = req.session.pull('key', 'default');
Retrieving All Data From The Session
var data = req.session.all();
Determining If An Item Exists In The Session
if (req.session.has('users'))
{
}
Removing An Item From The Session
req.session.forget('key');
Removing All Items From The Session
req.session.flush();
Regenerating The Session ID
req.session.regenerate();
Flash Data
Sometimes you may wish to store items in the session only for the next request. You may do so using the
req.session.flash
method:
req.session.flash('key', 'value');
Reflashing The Current Flash Data For Another Request
req.session.reflash();
Reflashing Only A Subset Of Flash Data
req.session.keep('username', 'email');
CSRF Token
By default NodeSession generates and keeps CSRF token for your application in session.
Access CSRF token
req.session.getToken()
Regenerate CSRF token
req.session.regenerateToken()
configuration
Configuration options are passed during initialization of NodeSession module as an object. NodeSession supports following configuration
options.
{
'secret': 'Q3UBzdH9GEfiRCTKbi5MTPyChpzXLsTD'
'driver': 'file',
'lifetime': 300000,
'expireOnClose': false,
'files': process.cwd() + '/sessions',
'connection': {
'adapter': 'sails-mongo',
'host': 'localhost',
'port': 27017,
'user': 'tron',
'password': '',
'database': 'tron'
},
'table': 'sessions',
'lottery': [2, 100],
'cookie': 'node_session',
'path': '/',
'domain': null,
'secure': false
'encrypt': false
}
The NodeSession uses the flash session key internally, so you should not add an item to the session by that name.
Database Sessions
When using the database session driver, you may need to setup a table to contain the session items based on database.
Below is a required schema for the table:
filed | type | index |
---|
id | string | unique |
payload | string | |
lastActivity | integer | |
Session Drivers
The session "driver" defines where session data will be stored for each request. NodeSession ships with several great
drivers out of the box:
- file - sessions will be stored in files in a specified location.
- database - sessions will be stored in a database.
To do
License
The NodeSession is open-sourced software licensed under the MIT license.