lek-sessions v2.0.0

'session system'

Downloads: 96

Lek Sessions 2.0.0

Lek Sessions is a personalized and secure session management and storage system. It uses cryptographic techniques to protect session keys and ensures that only authorized developers can access the necessary keys for session verification.

Basic Operation

  1. Key Generation: A unique hexadecimal key (key_A) is generated. A hash of this key (key_B) is created, which can be shared securely.
  2. Encryption and Storage: key_A is encrypted and stored in both a database and a session object on the server. key_B is sent to the client for storage, for example, in a cookie.
  3. Verification: To verify a session, key_B is passed from the client. The server decrypts key_A and checks if the hash of key_A matches key_B.

This strategy ensures that even if an attacker accesses the database, they cannot derive key_A from key_B due to the irreversible nature of the hash.
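The three steps above as an added sketch, not lek-sessions' own code. SHA-256, AES-256-GCM, scrypt key derivation from MANAGER_SECRET, the in-memory Map, indexing records by a hash of key_B, and the names createSession and confirmSession are all assumptions made for illustration.

```javascript
// Added illustration of the key_A / key_B flow; not the package's implementation.
// Assumed: SHA-256 hash, AES-256-GCM cipher, scrypt-derived encryption key,
// and a Map standing in for the database.
const crypto = require('crypto');

const store = new Map(); // hypothetical "database": lookup id -> encrypted record
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

function deriveKey(managerSecret, salt) {
  return crypto.scryptSync(managerSecret, salt, 32);
}

function createSession(managerSecret, userId) {
  const keyA = crypto.randomBytes(32).toString('hex'); // step 1: unique hex key
  const keyB = sha256(keyA);                            // step 1: shareable hash
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(managerSecret, salt), iv);
  const ct = Buffer.concat([cipher.update(keyA, 'utf8'), cipher.final()]);
  // step 2: only encrypted key_A is stored; the row is indexed by a hash of key_B
  store.set(sha256(keyB), { userId, salt, iv, ct, tag: cipher.getAuthTag() });
  return keyB; // step 2: value for the client's cookie
}

function confirmSession(managerSecret, keyB) {
  const rec = typeof keyB === 'string' ? store.get(sha256(keyB)) : undefined;
  if (!rec) return false;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(managerSecret, rec.salt), rec.iv);
    d.setAuthTag(rec.tag);
    const keyA = Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
    // step 3: recompute the hash of key_A and compare in constant time
    const expected = Buffer.from(sha256(keyA), 'hex');
    const given = Buffer.from(keyB, 'hex');
    const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
    return ok ? rec.userId : false;
  } catch {
    return false; // wrong MANAGER_SECRET or a modified record fails GCM authentication
  }
}
```

In this sketch a copy of `store` alone contains neither key_A nor the cookie value, and confirmation fails when MANAGER_SECRET is wrong or a stored record has been modified.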

Installation

Install the package via NPM:

npm install lek-sessions

Initial Setup

Import and set up the module in your project:

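require('dotenv').config();
const useLekSessions = require('lek-sessions');
const MANAGER_SECRET = process.env.MANAGER_SECRET; // Key for encrypting/decrypting sessions

(async () => {
    // useLekSessions is asynchronous and resolves to the session helpers
    const { create, confirm } = await useLekSessions(MANAGER_SECRET);
})(); // Invoke the async function; without the trailing () it never runs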

1.0.3 ==> 2.0.0: A major change from the previous version is that useLekSessions is now asynchronous and no longer returns an init method; it initializes itself.

MANAGER_SECRET should be a robust key that will be used for encrypting sessions before storing them.

System Usage

Creating Sessions

Create a new session for a user:

const keyToCookie = await create('user_id'); // 'user_id' should be a unique identifier for each user

// Optional: Set session expiration and persistence
const sessionWithExpiry = await create('user_id', 3600); // Expires in one hour
const nonPersistentSession = await create('user_id', undefined, false); // Does not persist after server restart

Confirming Sessions

Verify whether a session is legitimate using the key stored in the client's cookie.

If the session is legitimate, the function returns the user_id that was passed to create.

If the session is illegitimate or non-existent, the function returns false:

const confirmation = await confirm(stringInCookie); // 'stringInCookie' is the value stored in the client's cookie

if (confirmation) {
    console.log('Legitimate session, user_id: ' + confirmation);
} else {
    console.log('Illegitimate session');
}

Security Considerations

  • Keep MANAGER_SECRET secure and out of the source code.
  • Regularly perform security testing to identify and mitigate potential vulnerabilities.

1.0.3 ==> 2.0.0
Cookies generated with a previous version are no longer valid, so you cannot update the package if you are already using version 1.0.3. This is due to a new internal handling of lek-cryptools. If I see interest from someone, I can create a method to migrate old cookies.