$ npm install koa-session
Simple session middleware for Koa. Defaults to cookie-based sessions and supports external stores.
Requires Node 7.6 or greater for async/await support
$ npm install koa-session
View counter example:
var session = require('koa-session');
var koa = require('koa');
var app = koa();

// Keys used to sign the session cookie (see `signed` below). The value here is
// an example placeholder; a deployment should supply its own secret from
// configuration instead of keeping it in source code.
app.keys = ['some secret hurr'];

// Session options. Per the notes that follow this example, options other than
// `key` are passed on to ctx.cookies.get() and ctx.cookies.set().
var CONFIG = {
  /** (string) cookie key (default is koa:sess) */
  key: 'koa:sess',

  /**
   * (number || 'session') maxAge in ms (default is 1 days).
   * 'session' will result in a cookie that expires when session/browser is closed.
   * Warning: If a session cookie is stolen, this cookie will never expire.
   */
  maxAge: 24 * 60 * 60 * 1000,

  /** (boolean) can overwrite or not (default true) */
  overwrite: true,

  /** (boolean) httpOnly or not (default true) */
  httpOnly: true,

  /** (boolean) signed or not (default true) */
  signed: true,

  /**
   * (boolean) Force a session identifier cookie to be set on every response.
   * The expiration is reset to the original maxAge, resetting the expiration
   * countdown. (default is false)
   */
  rolling: false,

  /**
   * (boolean) renew session when session is nearly expired, so we can always
   * keep user logged in. (default is false)
   */
  renew: false,
};

// or if you prefer all default config, just use => app.use(session(app));
app.use(session(CONFIG, app));

// View counter: bump the per-session counter and report it in the response.
app.use(function *() {
  // ignore favicon
  if (this.path === '/favicon.ico') {
    return;
  }

  var count = this.session.views || 0;
  count++;
  this.session.views = count;
  this.body = count + ' views';
});

app.listen(3000);
console.log('listening on port 3000');
For Koa 2, use koa-convert to convert the session middleware:
const koa = require('koa');
const session = require('koa-session')
const convert = require('koa-convert');
const app = new koa();
// Cookies are signed by default (`signed: true`), so `app.keys` has to be set
// here as well, as in the view counter example above.
const sessionMiddleware = convert(session(app));
app.use(sessionMiddleware);
// codes
The cookie name is controlled by the `key` option, which defaults to "koa:sess". All other options are passed to `ctx.cookies.get()` and `ctx.cookies.set()`, allowing you to control security, domain, path, and signing among other settings.
Custom encode/decode support
Use `options.encode` and `options.decode` to customize your own encode/decode methods.
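`valid()`: validate the session value before using it
`beforeSave()`: hook run before the session is saved
The session is stored in a cookie by default, but this has some disadvantages:
- The session content is stored on the client side unencrypted (signing only detects tampering; it does not hide the data).
- Browser cookies always have length limits.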
You can store the session content in external stores (redis, mongodb or other DBs) by passing `options.store` with three methods (these need to be generator functions or async functions):
`get(key, maxAge, { rolling })`: get session object by key
`set(key, sess, maxAge, { rolling, changed })`: set session object for key, with a `maxAge` (in ms)
`destroy(key)`: destroy session for key
Once you pass `options.store`, the session is strongly dependent on your external store: you can't access the session if your external store is down. Use external session stores only if necessary, avoid using the session as a cache, and keep the session lean and stored in the cookie!
The way external session ids are generated is controlled by `options.genid`, which defaults to `Date.now() + '-' + uid.sync(24)`.
If you want to add a prefix to all external session ids, you can use `options.prefix`; it will not work if `options.genid` is present.
If your session store requires data or utilities from the context, `opts.ContextStore` is also supported. `ContextStore` must be a class which implements the three instance methods described above. `new ContextStore(ctx)` will be executed on every request.
koa-session will emit an event on `app` when a session is expired or invalid:
`session:missed`: can't get session value from external store.
`session:invalid`: session value is invalid.
`session:expired`: session value is expired.
`session.isNew`: returns true if the session is new.
// `isNew` only reports that the session is new; the example treats a new
// session as "not logged in" and an existing one as "logged in".
var sessionIsNew = this.session.isNew;
if (sessionIsNew) {
  // user has not logged in
} else {
  // user has already logged in
}
Get cookie's maxAge.
Set cookie's maxAge.
To destroy a session, simply set it to `null`:
// Destroy the current session by assigning null, e.g. when the user logs out.
this.session = null;
MIT