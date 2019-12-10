Middleware for Koa2 to get/set session use with custom stores such as Redis or mongodb
Uses native ES6 (async/await), which requires Node.js v7.6.0+
Or you can use the old versions:
node v7.6 +
npm install koa-session2
const Koa = require("koa");
const session = require("koa-session2");
const app = new Koa();

// `key` is the name of the cookie that carries the session id
// (default "koa:sess"). The cookie options described in this README
// (`signed`, `secure`, `sameSite`, ...) are given in this same object;
// the README lists `signed` as false by default, so the session id cookie
// is not tamper-checked unless signing is enabled.
const sessionOptions = { key: "SESSIONID" };
app.use(session(sessionOptions));
Store.js
const Redis = require("ioredis");
const { Store } = require("koa-session2");
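/**
 * Session store for koa-session2 that keeps each session as a JSON string
 * in Redis under the key `SESSION:<sid>`.
 */
class RedisStore extends Store {
  constructor() {
    super();
    // No arguments: ioredis connects with its default settings.
    this.redis = new Redis();
  }

  /**
   * Load the session stored under `sid`.
   *
   * NOTE(review): `sid` is presumably the value read from the session
   * cookie, i.e. client-supplied. It is only ever used as part of a Redis
   * key here, never interpolated into a command string.
   *
   * @param {string} sid - session id
   * @param {object} ctx - Koa context (unused here)
   * @returns {Promise<object|null>} the parsed session, or null when Redis
   *   has no entry (GET yields null and JSON.parse(null) is null)
   * @throws {SyntaxError} if the stored value is not valid JSON
   */
  async get(sid, ctx) {
    const raw = await this.redis.get(`SESSION:${sid}`);
    return JSON.parse(raw);
  }

  /**
   * Persist `session` and return the id it was stored under.
   *
   * @param {object} session - session data, serialised with JSON.stringify
   * @param {object} [opts]
   * @param {string} [opts.sid] - id to store under; a new one is generated
   *   with this.getID(24) when omitted
   * @param {number} [opts.maxAge=1000000] - lifetime in milliseconds
   * @param {object} ctx - Koa context (unused here)
   * @returns {Promise<string>} the session id
   */
  async set(session, { sid = this.getID(24), maxAge = 1000000 } = {}, ctx) {
    // Redis EX takes a positive whole number of seconds. A maxAge that is
    // not a multiple of 1000 (or is below 1000) would otherwise make the
    // command fail, and the session would silently not be stored.
    const ttlSeconds = Math.max(1, Math.ceil(maxAge / 1000));
    try {
      // EX lets Redis drop the entry on its own once the session expires.
      await this.redis.set(
        `SESSION:${sid}`,
        JSON.stringify(session),
        "EX",
        ttlSeconds
      );
    } catch (err) {
      // Still best-effort: the id is returned even though nothing was
      // persisted, so the caller may hand out a cookie for a session that
      // does not exist in the store. Report the failure instead of hiding
      // it, and keep the session id itself out of the log.
      console.error("RedisStore: failed to persist session:", err && err.message);
    }
    return sid;
  }

  /**
   * Delete the session stored under `sid`.
   *
   * @param {string} sid - session id
   * @param {object} ctx - Koa context (unused here)
   * @returns {Promise<number>} the result of the Redis DEL command
   */
  async destroy(sid, ctx) {
    return this.redis.del(`SESSION:${sid}`);
  }
}

module.exports = RedisStore;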
main.js
const Koa = require("koa");
const session = require("koa-session2");
const Store = require("./Store.js");
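const app = new Koa();

// `Store` is whatever ./Store.js exports (the RedisStore class above).
app.use(session({
  store: new Store(),
}));

app.use(async (ctx, next) => {
  // Reading from and writing to the session are plain property accesses.
  const user = ctx.session.user;
  ctx.session.view = "index";

  // Hand control to the next middleware. Without this call Koa stops the
  // chain here and the refresh middleware below is never reached.
  await next();
});

app.use((ctx) => {
  // This README documents refresh() for the case where `maxAge` is set in
  // the session options; guard the call so a configuration without maxAge
  // (as above) does not throw.
  if (typeof ctx.session.refresh === "function") {
    ctx.session.refresh();
  }
});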
Most options based on cookies
key: a string naming the cookie that stores the session id
store: a custom store (a class extending {Store} that implements #get(sid), #set(session, opts), #destroy(sid))
maxAge: a number representing the milliseconds from
Date.now() for expiry
expires: a
Date object indicating the cookie's expiration date (expires at the end of session by default).
path: a string indicating the path of the cookie (
/ by default).
domain: a string indicating the domain of the cookie (no default).
secure: a boolean indicating whether the cookie is only to be sent over HTTPS (
false by default for HTTP,
true by default for HTTPS).
httpOnly: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (
true by default).
sameSite: a boolean or string indicating whether the cookie is a "same site" cookie (
false by default). This can be set to
'strict',
'lax', or
true (which maps to
'strict').
signed: a boolean indicating whether the cookie is to be signed (
false by default). If this is true, another cookie of the same name with the
.sig suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of cookie-name=cookie-value against the first Keygrip key. This signature key is used to detect tampering the next time a cookie is received.
overwrite: a boolean indicating whether to overwrite previously set cookies of the same name (
false by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie.
refresh(): if you set maxAge in options, you can call ctx.session.refresh() to refresh the session in your store
MIT