
jxa/Connect-Cookie-Session-Storage

 
 


Cookie Sessions

Connect middleware to allow you to store your sessions directly in the client's cookie.

Session data is made available through the request.session property.

var connect        = require("connect"),
    cookieSessions = require("./index");

connect(
    connect.cookieParser(), // cookieSessions needs cookieParser
    cookieSessions({
        // You should use your own secret key (and keep it secret!)
        secret : "d3b07384d113edec49eaa6238ad5ff00"
    }),
    function(req, res) {
        var accessCount = (req.session.accessCount || 0);
        req.session.accessCount = accessCount + 1;
        res.writeHead(200, {'Content-Type': 'text/plain'});
        res.end('You have accessed this site ' + accessCount + ' times');
    }
).listen(8080);

Configuration

CookieSessions accepts the following options:

  • secret - The secret key used to encrypt the session.
  • key - The key to store the cookie under. Defaults to 'connect.sid'.
  • cookie - Options for the cookie, which can include maxAge, httpOnly, path, domain and secure.
  • cookieEncoder - A custom encoder for converting the session data to a cookie string and back again. If a custom encoder is used, secret will be ignored. It is up to you to configure the secret key for your encoder if you want one (and you should!)

Example:

cookieSessions({
    secret : "d3b07384d113edec49eaa6238ad5ff00",
    key    : "wonder_app_key",
    // cookie maxAge defaults to 14400000, path defaults to '/' and
    // httpOnly defaults to true.
    cookie : {
        secure : true,
        domain : 'blog.example.com'
    }
})

Session Storage

All session data is encoded in the cookie and passed back to the client at the end of a request. On the next request from the client, the cookie is returned and is decoded to restore the session state.

By default, Cookie Sessions encodes the session data as JSON and encrypts it with AES-192 using the secret key that you supply. This should prevent the end user from being able to modify their cookie.

Cookies can only store 4k of data, so the amount of data you can store in your session is limited by this.

You can easily implement your own way of encoding the session data in the cookie by providing a custom encoder. Your encoder must supply the following methods:

encode(sessionData) - turn a javascript object into a string which can be
                      stored in the cookie.
decode(cookieData)  - turn the cookie string back into a javascript object.
                      This is then set as the session.
valid(cookieData)   - Test whether the cookie string can be decoded. If the 
                      cookie is corrupt or has been tampered with this
                      should return false. If it returns true then 
                      decode() must be able to return a valid session.

See lib/encoders/json.js for the default implementation.
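
A custom encoder that satisfies the encode/decode/valid contract above, added here as an illustration and not part of this repository: it uses AES-256-GCM so that valid() rejects any modified cookie, and it enforces the 4k limit at encode time. The name createGcmEncoder, the salt string and the choice of cipher are assumptions of this example.

```javascript
var crypto = require("crypto");

var MAX_COOKIE_BYTES = 4096; // the README's "4k" cookie limit
var IV_LEN = 12, TAG_LEN = 16;

// createGcmEncoder is a hypothetical name; only encode/decode/valid
// are required by the README's encoder contract.
function createGcmEncoder(secret) {
    // Derive a 32-byte AES key from the secret (the salt is a constructed constant).
    var key = crypto.scryptSync(secret, "cookie-session-example-salt", 32);

    // Decrypts and authenticates; throws on any truncation or tampering.
    function open(cookieData) {
        var raw = Buffer.from(String(cookieData), "base64url");
        if (raw.length <= IV_LEN + TAG_LEN) throw new Error("cookie too short");
        var iv = raw.subarray(0, IV_LEN);
        var tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
        var decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
        decipher.setAuthTag(tag);
        var plain = Buffer.concat([decipher.update(raw.subarray(IV_LEN + TAG_LEN)), decipher.final()]);
        return JSON.parse(plain.toString("utf8"));
    }

    return {
        encode: function (sessionData) {
            var iv = crypto.randomBytes(IV_LEN); // fresh nonce for every cookie
            var cipher = crypto.createCipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
            var body = Buffer.concat([cipher.update(JSON.stringify(sessionData), "utf8"), cipher.final()]);
            var cookie = Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
            if (cookie.length > MAX_COOKIE_BYTES) throw new Error("session too large for a cookie");
            return cookie;
        },
        decode: open,
        // valid() runs the same authenticated decryption as decode(), so a
        // cookie that passes here is guaranteed to decode.
        valid: function (cookieData) {
            try { open(cookieData); return true; } catch (e) { return false; }
        }
    };
}

// Usage with the middleware: cookieSessions({ cookieEncoder: createGcmEncoder(mySecret) })
```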

About

A Cookie based session store for the Connect middleware layer for Node.js
