@focus21/iron-cookie-session
Session middleware with cookie storage and Iron encryption.
Installation
pnpm add --save @focus21/iron-cookie-session
Usage
import IronCookieSession from "@focus21/iron-cookie-session";
import Iron from "@hapi/iron";
// Session lifetime in seconds (8 hours); `cookie.serialize` expects `maxAge` in seconds.
const SESSION_MAX_AGE_SECONDS = 60 * 60 * 8;

// Options passed to `cookie.serialize`.
// See also: https://www.npmjs.com/package/cookie
// Optional. Defaults to `{}`.
const cookieOptions = {
  // If specified, the max age of the cookie will be enforced in middleware,
  // so expiry does not depend on the browser honouring Max-Age.
  // Optional. Defaults to empty (no expiry enforced).
  maxAge: SESSION_MAX_AGE_SECONDS,

  // Other recommended options for cookies:

  // Hide the cookie from page scripts.
  httpOnly: true,
  path: "/",
  // "lax" still sends the cookie on top-level cross-site navigations, so
  // state-changing routes need their own CSRF protection.
  sameSite: "lax",
  // The Secure flag is only set when NODE_ENV is exactly "production".
  // Any other environment reachable over a network will accept the cookie
  // over plain HTTP unless it is also run with NODE_ENV=production.
  secure: process.env.NODE_ENV === "production",
};

// The whole session lives in the client's cookie, sealed with Iron.
// Nothing on this page shows a server-side store, so keep the payload small
// and plan for expiry (or secret rotation) as the way to end a session.
const session = new IronCookieSession({
  // Used to encrypt the session.
  // Required. Must be at least 32 characters.
  // Anyone holding this value can read and mint sessions: keep it out of
  // source control and generate it randomly rather than choosing a phrase.
  // NOTE(review): if the variable is unset this is `undefined`; confirm the
  // constructor rejects a missing or short secret at startup.
  sessionSecret: process.env.WEB_APP_SESSION_SECRET,

  // The name of the cookie as stored on the client-side.
  // Optional. Defaults to `"sess"`.
  cookieName: "sess",

  cookieOptions,

  // Options for `Iron.seal` and `Iron.unseal`.
  // See also: https://www.npmjs.com/package/@hapi/iron
  // Optional. Defaults to `Iron.defaults`.
  // NOTE(review): `Iron.defaults` is understood to leave the seal's own ttl
  // disabled, which makes `cookieOptions.maxAge` the only expiry control;
  // confirm against the installed @hapi/iron version.
  ironOptions: Iron.defaults,

  // Where to store metadata inside the session.
  // Optional. Defaults to `"sessionMeta"`.
  metadataKey: "sessionMeta",

  // Where to store the session in request objects in middleware.
  // Optional. Defaults to `"session"`.
  reqKey: "session",
});

// Injects a read-only copy of the session into middleware or other functions.
// The wrapped function's first argument must be `ctx` (with `ctx.req` available) or `req`.
export const withSession = session.withSession;

// The middleware for use with a server.
export default session.middleware;