session plugin for fastify
Clone or download
Latest commit 0d191b0 Nov 23, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib copy user data from previous session Nov 22, 2018
test copy user data from previous session Nov 22, 2018
.gitignore fix: session expiration Oct 28, 2017
.npmrc adopt standard Nov 18, 2018
.travis.yml add node 11 to travis ci Nov 18, 2018
LICENSE initial commit Oct 26, 2017
README.md add session.touch Nov 18, 2018
package.json v1.2.1 Nov 23, 2018

README.md

fastify-session

Greenkeeper badge Build Status Coverage Status NPM version JavaScript Style Guide

A session plugin for fastify. Requires the fastify-cookie plugin.

Install

npm install fastify-session

Usage

const fastify = require('fastify');
const fastifySession = require('fastify-session');
const fastifyCookie = require('fastify-cookie');

const app = fastify();
app.register(fastifyCookie);
app.register(fastifySession, {secret: 'a secret with minimum length of 32 characters'});

Store data in the session by adding it to the session decorator at the request:

app.register(fastifySession, {secret: 'a secret with minimum length of 32 characters'});
app.addHook('preHandler', (request, reply, next) => {
  request.session.user = {name: 'max'};
  next();
})

The sessionStore decorator of the request allows to get, save and delete sessions.

app.register(fastifySession, {secret: 'a secret with minimum length of 32 characters'});
app.addHook('preHandler', (request, reply, next) => {
  const session = request.session;
  request.sessionStore.destroy(session.sessionId, next);
})

API

session(fastify, options, next)

The session plugin accepts the following options. It decorates the request with the sessionStore and a session object. The session data is stored server side using the configured session store.

options

secret (required)

The secret used to sign the cookie. Must have length 32 or greater.

cookieName (optional)

The name of the session cookie. Defaults to sessionId.

cookie

The options object used to generate the Set-Cookie header of the session cookie. May have the following properties:

  • path - The Path attribute. Defaults to / (the root path).
  • maxAge - A number in milliseconds that specifies the Expires attribute by adding the specified milliseconds to the current date. If both expires and maxAge are set, then expires is used.
  • httpOnly - The boolean value of the HttpOnly attribute. Defaults to true.
  • secure - The boolean value of the Secure attribute. Defaults to true.
  • expires - The expiration date used for the Expires attribute. If both expires and maxAge are set, then expires is used.
  • sameSite- The boolean or string of the SameSite attribute.
  • domain - The Domain attribute.
store

A session store. Needs the following methods:

  • set(sessionId, session, callback)
  • get(sessionId, callback)
  • destroy(sessionId, callback)

Compatible to stores from express-session.

Defaults to a simple in memory store.
Note: The default store should not be used in a production environment because it will leak memory.

saveUninitialized (optional)

Save sessions to the store, even when they are new and not modified. Defaults to true. Setting this to true can be useful to save storage space or to comply with the EU cookie law.

request.session

Allows to access or modify the session data.

Session.touch()

Updates the expires property of the session.

License

MIT