Small, fast minimalist session manager for node.
this module is server side only, install it by next command:
$ npm install session-center
- Centralized management session
- Simple to generic or remove session
- Support TS
- Uncoupled, not require any framework
//in js
const sessionCenter = new SessionCenter(config?)
// in ts
const sessionCenter = new SessionCenter < sessionContent?>(config?)
all property are not required
property | type | default | description |
---|---|---|---|
name | string | sessionId | define the key of session in cookie |
maxAge | number | - | duration of one session,unit with second |
expires | boolean | - | set both expire date and maxAge |
domain | string | - | domain or a specified URI, if not specified, it will be the web URI |
secure | boolean | true | if set as true, cookie will only be transmitted over secure protocol as https |
path | string | - | document location of the cookie |
httpOnly | boolean | - | weather allow js get the cookie, it can help to mitigate xss attack |
sameSite | boolean ¦ lax ¦ strict ¦ none | lax | limits the scope of the cookie, and true is same as strict, false will not set it, more information please refer to rfc6265 |
singlePoint | boolean | - | one user can only active in one client, if it specified as true, the idKey must also be specified |
idKey | string | - | the union value of sessionContent's key to identify different users |
secretSalt | string ¦ Buffer ¦ TypedArray ¦ DataView | random 32 bytes buffer | salt for generic cookie's hash |
notice: If neither expires nor max-age specified, it will expire at the end of session.
-
sessionCenter.removeSession(req: IncomingMessage, res: ServerResponse): void;
remove session content of current request.
-
sessionCenter.getSession(req: IncomingMessage | string, res?: ServerResponse): SessionContent | false;
- if typeof res === 'string': get session of current cookie, if get false, means this cookie is invalidation, you should remove it later.
- req and res should both be specified, it will auto remove cookie if cookie is expires
-
sessionCenter.setSession(sessionContent: SessionContent, req?: IncomingMessage, res?: ServerResponse): string;
store session content and set cookie to response and return the cookie string. if req and res are both not specified, user should set the return cookie to response header later.
-
sessionCenter.remove(filter?: ((SessionContent: SessionContent) => boolean))
accept a filter function, all stored session which passed filter fun will be removed, or clear all session when no filter is specified.
-
sessionCenter.find(filter: ((SessionContent: SessionContent) => boolean)):SessionContent[]
return all session passed specified filter with an array