koa-session-minimal

v4.0.3

Minimal implementation of session middleware for Koa 2. Inspired by and compatible with koa-generic-session

Downloads

1,336

Native Koa 2 session middleware, inspired by and compatible with koa-generic-session. This can be used as a drop-in replacement for koa-generic-session in Koa 2.

This rewrite implements koa-generic-session's essential interfaces, with around 100 lines of code in ES6. It supports existing session stores for koa-generic-session.

Version 4+ requires node 8+. Please use v3.0.4 for node versions older than 8.

Minimum features and storage usage

This middleware guarantees the following:

  • Minimum data generation and storage. No session data modification / pollution.
    • Neither a cookie nor a session store record is created unless session data gets populated by other middlewares.
    • Cookie options are not saved in the ctx.session object or session store (try to address this concern).
  • Minimum updates on cookie and session store. Cookie and session store only get updated when session data has been changed.
    • When ctx.session gets updated (is a non-empty object), cookie and store data will be updated with new values and new expiration time (maxAge).
    • When ctx.session gets cleared ( = {} or null ), cookie and store data will be deleted.
    • If a session has not been updated within maxAge, its data will be expired.
  • Minimum public interfaces and configuration options.
    • Cookie options: maxAge, path, domain, secure, httpOnly
    • Session interfaces: session, sessionHandler { regenerateId() }
    • Store interfaces: get(), set(), destroy()

Installation

$ npm install koa-session-minimal

Usage

const Koa = require('koa')
const session = require('koa-session-minimal')
const redisStore = require('koa-redis')

const app = new Koa()

app.use(session({
  store: redisStore()
}))

// count middleware, increment when url = /add
app.use(async (ctx, next) => {
  ctx.session.count = ctx.session.count || 0
  if (ctx.path === '/add') ctx.session.count++

  await next()

  ctx.body = ctx.session.count
})

app.listen(3000)

Interfaces

  • session data via ctx.session (the same way as koa-generic-session)
  • session methods via ctx.sessionHandler
    • regenerateId(): regenerate session id

Options

  • key: session cookie name and store key prefix
  • store: session store
  • cookie: cookie options, can be an object (static cookie options) or a function that returns an object (dynamic cookie options). Only maxAge, path, domain, secure, httpOnly are supported as option keys (see option details in cookies module).

Session expiration

By default, cookie.maxAge = 0 for the cookie and ttl = ONE_DAY for the session store, which means a session expires in either of the following circumstances:

  • The user closes the browser window (transient cookie ends)
  • Session data hasn't been updated within ONE_DAY (storage expires)

When cookie.maxAge > 0, the ttl for store data is always the same as maxAge.

Dynamic session expiration (cookie options)

When the cookie option is set to a plain object, all sessions use the same cookie options. If a function is assigned to cookie, cookie options are calculated dynamically at each (non-empty) session's saving stage. For example, you can use an arrow function to set a different maxAge for user and guest sessions, as below:

session({
  cookie: ctx => ({
    maxAge: ctx.session.user ? ONE_MONTH : 0
  })
})

Session security

Middlewares are recommended to call sessionHandler.regenerateId() during authentication state change (login). This middleware provides the essential interface; it is up to other middlewares to decide when and how often to roll the session id.
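As an added illustration (not code from this package), a login handler that rolls the session id before storing the authenticated identity, together with a dynamic cookie function. It assumes a body parser has populated ctx.request.body; checkPassword(), DEMO_USERS and the handler names are hypothetical.

```javascript
// Added example, not part of koa-session-minimal. Assumptions: a body parser
// has filled ctx.request.body, and checkPassword() stands in for a real
// credential check against a constructed account table.
const crypto = require('crypto')

const ONE_MONTH = 30 * 24 * 3600 * 1000
const DEMO_USERS = { alice: 'correct horse battery staple' } // constructed sample data

function checkPassword(name, password) {
  const expected = DEMO_USERS[name]
  // rejects unknown names and inherited keys such as "__proto__"
  if (typeof expected !== 'string' || typeof password !== 'string') return false
  // hash both sides so timingSafeEqual always gets equal-length buffers
  const a = crypto.createHash('sha256').update(expected).digest()
  const b = crypto.createHash('sha256').update(password).digest()
  return crypto.timingSafeEqual(a, b)
}

// Login: issue a fresh session id at the authentication state change, so an
// id known before login is not the one carrying the authenticated session.
async function login(ctx) {
  const { name, password } = ctx.request.body || {}
  if (!checkPassword(name, password)) {
    ctx.status = 401
    return
  }
  ctx.sessionHandler.regenerateId()
  ctx.session = { user: name } // also drops any guest-session data
  ctx.status = 204
}

// Logout: clearing ctx.session makes the middleware delete cookie and store data.
async function logout(ctx) {
  ctx.session = null
  ctx.status = 204
}

// Dynamic cookie options: long-lived only for logged-in users, hidden from scripts.
const cookieOptions = ctx => ({
  maxAge: ctx.session.user ? ONE_MONTH : 0,
  httpOnly: true,
  secure: ctx.secure, // Secure flag whenever the request arrived over TLS
})
```

The function would be passed as session({ cookie: cookieOptions, store }), with login and logout mounted on their own routes.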

NOTE: Below is mostly copied from koa-generic-session's README, because the two middlewares share the same store interfaces. Any store that implements koa-generic-session's store interfaces should also work with koa-session-minimal. koa-redis is tested as an example in test/store_redis.test.js

Session store

You can use any other store to replace the default MemoryStore. It just needs to follow this API:

  • get(sid): get session object by sid
  • set(sid, sess, ttl): set session object for sid, with a ttl (in ms)
  • destroy(sid): destroy session for sid

Each method needs to return a Promise, Thunk, generator, or an async function.
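A store following this API, as an added example (not one of the project's stores): an in-memory store that enforces the ttl on every read, keeps its own copy of the session data and caps the number of records. The class name, the injectable clock and the maxEntries limit are choices made for this example.

```javascript
// Added example: in-memory store with the get/set/destroy interface above.
// ttl is in milliseconds; every method is async and so returns a Promise.
class TtlMemoryStore {
  constructor({ now = Date.now, maxEntries = 10000 } = {}) {
    this.now = now               // injectable clock, so expiry can be tested
    this.maxEntries = maxEntries // bound memory used by unauthenticated traffic
    this.records = new Map()     // sid -> { json, expiresAt }
  }

  async get(sid) {
    const rec = this.records.get(sid)
    if (!rec) return null
    if (rec.expiresAt <= this.now()) {
      // expiry is enforced server-side, whatever lifetime the cookie claims
      this.records.delete(sid)
      return null
    }
    return JSON.parse(rec.json) // fresh copy, callers cannot mutate stored data
  }

  async set(sid, sess, ttl) {
    if (!Number.isFinite(ttl) || ttl <= 0) {
      throw new RangeError('ttl must be a positive number of milliseconds')
    }
    if (!this.records.has(sid) && this.records.size >= this.maxEntries) {
      this.sweep() // reclaim expired records before refusing
      if (this.records.size >= this.maxEntries) throw new Error('session store full')
    }
    this.records.set(sid, { json: JSON.stringify(sess), expiresAt: this.now() + ttl })
  }

  async destroy(sid) {
    this.records.delete(sid)
  }

  // Drop every record whose ttl has elapsed.
  sweep() {
    const t = this.now()
    for (const [sid, rec] of this.records) {
      if (rec.expiresAt <= t) this.records.delete(sid)
    }
  }
}
```

It would be passed as session({ store: new TtlMemoryStore() }); being in-process, its contents are lost on restart and are not shared between workers.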

Stores presented

License

MIT