Although the package has a simple name, it's found to be crucial to properly fetch a client's session if you're using express-session for your session management and want to use a header for your session ID. express-session Only supports fetching a session using cookies, but more and more (mobile) clients disallow cookies to be used. If not running into technical limitations, there are other reasons why you'd want to use a header to pass the session ID rather than a cookie.

The concept is simple. Everything keeps working as it is, but additionally a header of choice is parsed to get the session ID. By default, this is the x-session-id header.

After installing the module using your package manager of choice, use the middleware right before you use the session middleware. Use the same secret in both middlewares.

// First use this middleware...
app.use(SessionFromHeader({secret: 'mySecret'}));  
  
// ... then the express-session middleware
app.use(session({  
  secret: 'mySecret',
  ...

You can pass several options to SessionFromHeader as outlined below with the default values:

{  
  secret: null, // Mandatory, must be the same as the express-session secret
  headerName: 'x-session-id', // Header that is checked for the session ID
  cookieName: 'connect-sid',  // Cookie name, must be the same as the express-session cookie name.
}