Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

Simple session middleware for koa

License

NotificationsYou must be signed in to change notification settings

koajs/session

Repository files navigation

NPM versionNode.js CITest coverageKnown Vulnerabilitiesnpm downloadNode.js VersionPRs Welcome

Simple session middleware for Koa. Defaults to cookie-based sessions and supports external stores.

Installation

npm install koa-session

Notice

7.x has a breaking change: drop Node.js < 18.19.0 support. And it support CommonJS and ESM both.

6.x changed the default cookie key fromkoa:sess tokoa.sess to ensureset-cookie value valid with HTTP spec.See issue.If you want to be compatible with the previous version, you can manually setconfig.key tokoa:sess.

Example

View counter example:

importKoafrom'koa';importsessionfrom'koa-session';constapp=newKoa();app.keys=['some secret hurr'];constCONFIG={key:'koa.sess',/** (string) cookie key (default is koa.sess) *//** (number || 'session') maxAge in ms (default is 1 days) *//** 'session' will result in a cookie that expires when session/browser is closed *//** Warning: If a session cookie is stolen, this cookie will never expire */maxAge:86400000,autoCommit:true,/** (boolean) automatically commit headers (default true) */overwrite:true,/** (boolean) can overwrite or not (default true) */httpOnly:true,/** (boolean) httpOnly or not (default true) */signed:true,/** (boolean) signed or not (default true) */rolling:false,/** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */renew:false,/** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false)*/secure:true,/** (boolean) secure cookie*/sameSite:null,/** (string) session cookie sameSite options (default null, don't set it) */};app.use(session(CONFIG,app));// or if you prefer all default config, just use => app.use(session(app));app.use(ctx=>{// ignore faviconif(ctx.path==='/favicon.ico')return;letn=ctx.session.views||0;ctx.session.views=++n;ctx.body=n+' views';});app.listen(3000);console.log('listening on port 3000');

API

Options

The cookie name is controlled by thekey option, which defaultsto "koa.sess". All other options are passed toctx.cookies.get() andctx.cookies.set() allowing you to control security, domain, path,and signing among other settings.

Customencode/decode Support

Useoptions.encode andoptions.decode to customize your own encode/decode methods.

Hooks

  • valid(): valid session value before use it
  • beforeSave(): hook before save session

External Session Stores

The session is stored in a cookie by default, but it has some disadvantages:

  • Session is stored on client side unencrypted

  • Browser cookies always have length limits

    You can store the session content in external stores (Redis, MongoDB or other DBs) by passingoptions.store with three methods (these need to be async functions):

  • get(key, maxAge, { rolling, ctx }): get session object by key

  • set(key, sess, maxAge, { rolling, changed, ctx }): set session object for key, with amaxAge (in ms)

  • destroy(key, {ctx}): destroy session for key

    Once you passoptions.store, session storage is dependent on your external store -- you can't access the session if your external store is down.Use external session stores only if necessary, avoid using session as a cache, keep the session lean, and store it in a cookie if possible!

    The way of generating external session id is controlled by theoptions.genid(ctx), which defaults touuid.v4().

    If you want to add prefix for all external session id, you can useoptions.prefix, it will not work ifoptions.genid(ctx) present.

    If your session store requires data or utilities from context,opts.ContextStore is also supported.ContextStore must be a class which claims three instance methods demonstrated above.new ContextStore(ctx) will be executed on every request.

Events

koa-session will emit event onapp when session expired or invalid:

  • session:missed: can't get session value from external store.
  • session:invalid: session value is invalid.
  • session:expired: session value is expired.

Custom External Key

External key is used the cookie by default, but you can useoptions.externalKey to customize your own external key methods.options.externalKey with two methods:

  • get(ctx): get the external key
  • set(ctx, value): set the external key

Session#isNew

Returnstrue if the session is new.

if(this.session.isNew){// user has not logged in}else{// user has already logged in}

Session#maxAge

Get cookie's maxAge.

Session#maxAge=

Set cookie's maxAge.

Session#externalKey

Get session external key, only exist when external session store present.

Session#save()

Save this session no matter whether it is populated.

Session#manuallyCommit()

Session headers are auto committed by default. Use this ifautoCommit is set tofalse.

Destroying a session

To destroy a session simply set it tonull:

this.session=null;

License

MIT

Contributors

Contributors

Made withcontributors-img.

[8]ページ先頭
©2009-2025 Movatter.jp