mozilla
/
node-client-sessions
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
secure sessions stored in cookies
71 коммит 2 Ветки 10 Теги 302 KiB
JavaScript 100%
Перейти к файлу
Lloyd Hilaiel bce5b1d60d move off tarballs back onto upstream distro for cookies at v. 0.2.1 - which is right when the PR which caused us to diverge was merged 2013-03-15 14:00:12 -06:00
lib undefined session values should return undefined 2012-08-16 14:07:30 -07:00
scripts started putting together basic components, specifically proxies to get the session object to behave properly 2011-12-28 21:58:19 -08:00
test undefined session values should return undefined 2012-08-16 14:07:30 -07:00
.gitignore basic package structure 2011-12-28 15:18:31 -08:00
.travis.yml 💎 Added travis.yml file 💎 2012-08-23 08:34:54 +00:00
LICENSE Add a license to the project 2012-12-03 16:19:07 +13:00
README.md fix link to travis-ci badge 2013-03-15 13:35:58 -06:00
package.json move off tarballs back onto upstream distro for cookies at v. 0.2.1 - which is right when the PR which caused us to diverge was merged 2013-03-15 14:00:12 -06:00

README.md

build status

Secure sessions stored in cookies, for node.js Middleware for Connect / Express apps.

Session content is secure and tamper-free.

This does not use connect's built-int session middleware, because, if it did, things would get nasty in implementation given the conflict between the session ID and the session content itself. Also, this library uses its own cookie parser so that setup is easier and less error-prone.

I don't recommend using both this middleware and connect's built-in session middleware.

API

var clientSessions = require("client-sessions");
app.use(clientSessions({
    cookieName: 'session_state',    // defaults to session_state
    secret: 'blargadeeblargblarg', // MUST be set
    // true session duration:
    // will expire after duration (ms)
    // from last session.reset() or
    // initial cookieing.
    duration: 24 * 60 * 60 * 1000, // defaults to 1 day
  }));

// later, in a request
req.session.foo = 'bar';
req.session.baz = 'baz2';
// results in a Set-Cookie header

console.log(req.session.baz)
// no updates to session results in no Set-Cookie header

// and then
if (req.session.foo == 'bar') {
  // do something
}

// reset the session, preserving some variables
// if they exist. This means the session's creation time
// will be reset to now, with expiration in duration (ms).
req.session.reset(['csrf']);

Optionally, if you'd like more explicit control over the cookie parameters you can do:

app.use(clientSessions({
    cookieName: 'session_state',    // defaults to session_state
    secret: 'blargadeeblargblarg', // MUST be set
    // true session duration:
    // will expire after duration (ms)
    // from last session.reset() or
    // initial cookieing.
    duration: 24 * 60 * 60 * 1000, // defaults to 1 day
    cookie: {
      path: '/api',
      // cookie expiration parameters
      // this gets updated on every cookie call,
      // so it's not appropriate for saying that the session
      // expires after 2 weeks, for example, since the cookie
      // may get updated regularly and push the time back.
      maxAge: 14 * 24 * 60 * 60 * 1000 // in ms
      httpOnly: true, // defaults to true
      secure: false   // defaults to false
    }
  }));