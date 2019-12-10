Middleware for Koa2 to get/set session use with custom stores such as Redis or mongodb

Use native ES6(async/await) by Nodejs v7.6.0 +

Or you can use the old versions:

Require

node v7.6 +

Install

npm install koa-session2

Usage

const Koa = require ( "koa" ); const session = require ( "koa-session2" ); const app = new Koa(); app.use(session({ key : "SESSIONID" , }));

Custom Stores

Store.js

const Redis = require ( "ioredis" ); const { Store } = require ( "koa-session2" ); class RedisStore extends Store { constructor () { super (); this .redis = new Redis(); } async get (sid, ctx) { let data = await this .redis.get( `SESSION: ${sid} ` ); return JSON .parse(data); } async set (session, { sid = this .getID( 24 ), maxAge = 1000000 } = {}, ctx) { try { await this .redis.set( `SESSION: ${sid} ` , JSON .stringify(session), 'EX' , maxAge / 1000 ); } catch (e) {} return sid; } async destroy(sid, ctx) { return await this .redis.del( `SESSION: ${sid} ` ); } } module .exports = RedisStore;

main.js

const Koa = require ( "koa" ); const session = require ( "koa-session2" ); const Store = require ( "./Store.js" ); const app = new Koa(); app.use(session({ store : new Store() })); app.use( ctx => { let user = ctx.session.user; ctx.session.view = "index" ; }); app.use( ctx => { ctx.session.refresh() })

Options

Most options based on cookies

key : a string for store session id in cookie

: a string for store session id in cookie store : a class for custom store (extend {Store}, func: #get(sid), #set(session, opts), #destory(sid))

: a class for custom store (extend {Store}, func: #get(sid), #set(session, opts), #destory(sid)) maxAge : a number representing the milliseconds from Date.now() for expiry

: a number representing the milliseconds from for expiry expires : a Date object indicating the cookie's expiration date (expires at the end of session by default).

: a object indicating the cookie's expiration date (expires at the end of session by default). path : a string indicating the path of the cookie ( / by default).

: a string indicating the path of the cookie ( by default). domain : a string indicating the domain of the cookie (no default).

: a string indicating the domain of the cookie (no default). secure : a boolean indicating whether the cookie is only to be sent over HTTPS ( false by default for HTTP, true by default for HTTPS).

: a boolean indicating whether the cookie is only to be sent over HTTPS ( by default for HTTP, by default for HTTPS). httpOnly : a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript ( true by default).

: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript ( by default). sameSite : a boolean or string indicating whether the cookie is a "same site" cookie ( false by default). This can be set to 'strict' , 'lax' , or true (which maps to 'strict' ).

: a boolean or string indicating whether the cookie is a "same site" cookie ( by default). This can be set to , , or (which maps to ). signed : a boolean indicating whether the cookie is to be signed ( false by default). If this is true, another cookie of the same name with the .sig suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of cookie-name=cookie-value against the first Keygrip key. This signature key is used to detect tampering the next time a cookie is received.

: a boolean indicating whether the cookie is to be signed ( by default). If this is true, another cookie of the same name with the suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of cookie-name=cookie-value against the first Keygrip key. This signature key is used to detect tampering the next time a cookie is received. overwrite : a boolean indicating whether to overwrite previously set cookies of the same name ( false by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie.

Methods

refresh() : if you set maxAge in options, you can call ctx.session.refresh() to refresh session to your store

License

MIT