Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/koajs/session
Simple session middleware for koa
https://github.com/koajs/session
koa koa-session session
Last synced: 3 months ago
JSON representation
Simple session middleware for koa
- Host: GitHub
- URL: https://github.com/koajs/session
- Owner: koajs
- License: mit
- Created: 2013-11-06T22:33:49.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2023-02-04T14:57:11.000Z (over 1 year ago)
- Last Synced: 2024-03-24T08:22:05.154Z (3 months ago)
- Topics: koa, koa-session, session
- Language: JavaScript
- Homepage:
- Size: 240 KB
- Stars: 893
- Watchers: 12
- Forks: 112
- Open Issues: 55
-
Metadata Files:
- Readme: Readme.md
- Changelog: History.md
- License: LICENSE
Lists
- awesome-koa - session - Simple cookie-based session middleware (Middleware)
- awesome-stars - koajs/session - Simple session middleware for koa (JavaScript)
- awesome-stars - koajs/session - Simple session middleware for koa (JavaScript)
- awesome-stars - koajs/session - Simple session middleware for koa (JavaScript)
- awesome-koa - koa-session - 简单基于Cookie的Session中间件。 ![](https://img.shields.io/github/stars/koajs/session.svg?style=social&label=Star) ![](https://img.shields.io/npm/dm/koa-session.svg?style=flat-square) (仓库 / 中间件)
- awesome-humanscape - koa-session - session 관리를 위한 middleware (Node.js, koa / Utilites)
README
# koa-session
[![NPM version][npm-image]][npm-url]
[![Node.js CI](https://github.com/koajs/session/actions/workflows/nodejs.yml/badge.svg)](https://github.com/koajs/session/actions/workflows/nodejs.yml)
[![npm download][download-image]][download-url][npm-image]: https://img.shields.io/npm/v/koa-session.svg?style=flat-square
[npm-url]: https://npmjs.org/package/koa-session
[download-image]: https://img.shields.io/npm/dm/koa-session.svg?style=flat-square
[download-url]: https://npmjs.org/package/koa-sessionSimple session middleware for Koa. Defaults to cookie-based sessions and supports external stores.
*Requires Node 8.0.0 or greater for async/await support*
## Installation
```js
$ npm install koa-session
```## Notice
6.x changed the default cookie key from `koa:sess` to `koa.sess` to ensure `set-cookie` value valid with HTTP spec.[see issue](https://github.com/koajs/session/issues/28). If you want to be compatible with the previous version, you can manually set `config.key` to `koa:sess`.
## Example
View counter example:
```js
const session = require('koa-session');
const Koa = require('koa');
const app = new Koa();app.keys = ['some secret hurr'];
const CONFIG = {
key: 'koa.sess', /** (string) cookie key (default is koa.sess) */
/** (number || 'session') maxAge in ms (default is 1 days) */
/** 'session' will result in a cookie that expires when session/browser is closed */
/** Warning: If a session cookie is stolen, this cookie will never expire */
maxAge: 86400000,
autoCommit: true, /** (boolean) automatically commit headers (default true) */
overwrite: true, /** (boolean) can overwrite or not (default true) */
httpOnly: true, /** (boolean) httpOnly or not (default true) */
signed: true, /** (boolean) signed or not (default true) */
rolling: false, /** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */
renew: false, /** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false)*/
secure: true, /** (boolean) secure cookie*/
sameSite: null, /** (string) session cookie sameSite options (default null, don't set it) */
};app.use(session(CONFIG, app));
// or if you prefer all default config, just use => app.use(session(app));app.use(ctx => {
// ignore favicon
if (ctx.path === '/favicon.ico') return;let n = ctx.session.views || 0;
ctx.session.views = ++n;
ctx.body = n + ' views';
});app.listen(3000);
console.log('listening on port 3000');
```## API
### Options
The cookie name is controlled by the `key` option, which defaults
to "koa.sess". All other options are passed to `ctx.cookies.get()` and
`ctx.cookies.set()` allowing you to control security, domain, path,
and signing among other settings.#### Custom `encode/decode` Support
Use `options.encode` and `options.decode` to customize your own encode/decode methods.
### Hooks
- `valid()`: valid session value before use it
- `beforeSave()`: hook before save session### External Session Stores
The session is stored in a cookie by default, but it has some disadvantages:
- Session is stored on client side unencrypted
- [Browser cookies always have length limits](http://browsercookielimits.squawky.net/)You can store the session content in external stores (Redis, MongoDB or other DBs) by passing `options.store` with three methods (these need to be async functions):
- `get(key, maxAge, { rolling, ctx })`: get session object by key
- `set(key, sess, maxAge, { rolling, changed, ctx })`: set session object for key, with a `maxAge` (in ms)
- `destroy(key, {ctx})`: destroy session for keyOnce you pass `options.store`, session storage is dependent on your external store -- you can't access the session if your external store is down. **Use external session stores only if necessary, avoid using session as a cache, keep the session lean, and store it in a cookie if possible!**
The way of generating external session id is controlled by the `options.genid(ctx)`, which defaults to `uuid.v4()`.
If you want to add prefix for all external session id, you can use `options.prefix`, it will not work if `options.genid(ctx)` present.
If your session store requires data or utilities from context, `opts.ContextStore` is also supported. `ContextStore` must be a class which claims three instance methods demonstrated above. `new ContextStore(ctx)` will be executed on every request.
### Events
`koa-session` will emit event on `app` when session expired or invalid:
- `session:missed`: can't get session value from external store.
- `session:invalid`: session value is invalid.
- `session:expired`: session value is expired.### Custom External Key
External key is used the cookie by default, but you can use `options.externalKey` to customize your own external key methods. `options.externalKey` with two methods:
- `get(ctx)`: get the external key
- `set(ctx, value)`: set the external key### Session#isNew
Returns __true__ if the session is new.
```js
if (this.session.isNew) {
// user has not logged in
} else {
// user has already logged in
}
```### Session#maxAge
Get cookie's maxAge.
### Session#maxAge=
Set cookie's maxAge.
### Session#externalKey
Get session external key, only exist when external session store present.
### Session#save()
Save this session no matter whether it is populated.
### Session#manuallyCommit()
Session headers are auto committed by default. Use this if `autoCommit` is set to `false`.
### Destroying a session
To destroy a session simply set it to `null`:
```js
this.session = null;
```## License
MIT