Skip to content

mrsimonemms/cookie-session

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

.devcontainer

.devcontainer

 
 

.github/workflows

.github/workflows

 
 

.vscode

.vscode

 
 

example

example

 
 

src

src

 
 

.commitlintrc.yaml

.commitlintrc.yaml

 
 

.cruft.json

.cruft.json

 
 

.editorconfig

.editorconfig

 
 

.eslintrc.cjs

.eslintrc.cjs

 
 

.gitignore

.gitignore

 
 

.gitpod.yml

.gitpod.yml

 
 

.licenserc.yaml

.licenserc.yaml

 
 

.markdownlint.json

.markdownlint.json

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

.prettierignore

.prettierignore

 
 

.prettierrc

.prettierrc

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

tsconfig.build.json

tsconfig.build.json

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

cookie-session

Drop-in replacement for Express session using a cookie

Getting started

Install

npm i -S @mrsimonemms/cookie-session

Use

There is a fully-worked example in the example directory

import express from 'express';
import { CookieSession } from '@mrsimonemms/cookie-session';

const app = express();

app
  .use(
    CookieSession.express({
      flash: true, // This will delete the data once read
      secret: 'this-is-a-secret-signing-key', // Must be minimum of 16 characters
    }),
  )
  .get('/', (req, res) => {
    // If done using "flash", this will delete the "date" session, but not "date2"
    const { date } = req.session;

    res.json({ sessionId: req.sessionID, getter: { date } });
  })
  .get('/set', (req, res) => {
    const date = new Date();
    req.session.date = date;
    req.session.data2 = date;

    res.json({ setter: { date } });
  })
  .listen(3000, () => {
    console.log('Lisening');
  });

What's the purpose of this library?

I was recently building an API for an application that used OIDC for managing its authentication. RESTful API should ALWAYS be build in a stateless manner. However, the OIDC workflow requires a session to link data between sending and verification.

Using a fully-blown Express Session wasn't necessary for my purposes - I didn't want to have to add a Redis backend to store the session data. The amount of data stored will always be under 4kb so a cookie is more than adequate.

I also wanted to have the concept of "flash" data - that is a piece of data that is immediately deleted once read. As my use-case is an API and exists purely as link data, enforcing flash sessions prevents the data from being relied upon by my application.

Similar libraries

  • Client sessions - this was my previous library, but it seems unmaintained (last release in 2014) and doesn't have flash data. Also, no TypeScript support
  • Cookie-session - the official Express method of achieving this. As above, this doesn't have flash data.

Options

Key Type Required Default Description
secret string Y - The secret that signs the cookie data. Min of 16 characters
duration number N 86400000 Duration of the JSON web token in milliseconds - the cookie age is controlled in cookie
flash boolean N false If true, data will be deleted once read
name string N session Name of the cookie
cookie Cookies.SetOption N { path: '/' } See Cookies.SetOption

Contributing

Open in Gitpod

Open in a container

About

Drop-in replacement for Express session using a cookie

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Jan 30, 2024

Packages

No packages published

Languages