npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

als-session

v6.2.0

Published

Flexible and secure session management library for Node.js using encrypted cookies.

Downloads

52

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

alexsorkinalexsorkin

Keywords

sessionsession managementsecuritycookiesencrypted cookiesnodejsexpress middlewarehttp middlewaresession middlewareweb development

Readme

als-session

Description

als-session is a powerful and flexible library for managing sessions in Node.js applications. It provides an easy way to store and manage sessions using encrypted cookies.

Advantages of using als-session:

  • Manages client-side sessions using cookies.
  • Automatically encrypts session data to enhance security.
  • Offers flexibility in configuring session parameters including lifespan, access methods, and more.

Change log

  • req.sessionCookieOptions added

Installation

Install als-session using npm or yarn:

npm install als-session

Quick Start

Using with Express

const express = require('express');
const sessionMw = require('als-session');

const app = express();

app.use(sessionMw());

app.get('/', (req, res) => {
   req.session.visits = (req.session.visits || 0) + 1;
   res.send(`Number of visits: ${req.session.visits}`);
});

app.listen(3000, () => console.log('App running on port 3000'));

Using with an HTTP Server

const http = require('http');
const sessionMw = require('als-session')();

const server = http.createServer((req, res) => {
   sessionMw(req, res, () => {
      if (req.url === '/') {
         req.session.visits = (req.session.visits || 0) + 1;
         res.end(`Number of visits: ${req.session.visits}`);
      }
   });
});

server.listen(3000, () => console.log('Server running on port 3000'));

Available session objects:

  • req.session: a proxy object for handling session data.
    • You can delete, create and update properties
    • You can't reasign the session (req.session = {} will throw exception)
  • req.destroySession(): a function to delete all session data.
  • req.sessionCookieOptions: object with cookie options for this response
    • includes defaultoptions
    • Can be changed (for example changing maxAge for temporal sessions)

How It Works

Sessions in als-session are stored in encrypted cookies on the client side. Every change in session data automatically updates the cookie and also sets the timestamp of the last update. The cookie's lifespan is controlled both on the client (through Max-Age and Expires) and on the server.

Advanced Usage

Configuration Parameters

  • maxAge (default: 2592000 seconds) - The lifespan of the cookie in seconds.
  • logger (default: console.log) - A function for logging errors.
  • methods (default: ['GET', 'PUT', 'POST', 'PATCH', 'DELETE']) - HTTP methods for which the session will be activated.
  • name (default: 'session') - The name of the session cookie.
  • sameSite (default: 'lax') - The SameSite attribute for the cookie that helps guard against CSRF attacks. Can be 'lax', 'none', 'strict'.
  • prefix (String, optional) - prefix for encryption
  • cryptOptions (Object, optional) - options for encryption

Example with custom settings:

const sessionConfig = {
   maxAge: 86400,
   logger: message => console.error(message),
   methods: ['GET', 'POST'],
   name: 'mySession',
   sameSite: 'strict'
};

const app = express();
app.use(sessionMiddleware(sessionConfig));