Skip to content
Secure cookie-based session middleware for Connect
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
deps
lib Added optional domain parameter to allow control of subdomain scope Jan 10, 2012
test
.gitmodules code so far Jul 28, 2010
LICENSE added LICENSE Oct 10, 2010
README.md
index.js
package.json
test.js code so far Jul 28, 2010

README.md

Cookie-Sessions

Secure cookie-based session middleware for Connect. This is a new module and I wouldn't recommend for production use just yet.

Session data is stored on the request object in the 'session' property:

var connect = require('connect'),
    sessions = require('cookie-sessions');

Connect.createServer(
    sessions({secret: '123abc'}),
    function(req, res, next){
        req.session = {'hello':'world'};
        res.writeHead(200, {'Content-Type':'text/plain'});
        res.end('session data updated');
    }
).listen(8080);

The session data is JSON.stringified, encrypted and timestamped, then a HMAC signature is attached to test for tampering. The main function accepts a number of options:

* secret -- The secret to encrypt the session data with
* timeout -- The amount of time in miliseconds before the cookie expires
  (default: 24 hours)
* session_key -- The cookie key name to store the session data in
  (default: _node)
* path -- The path to use for the cookie (default: '/')
* domain -- (optional) Define a specific domain/subdomain scope for the cookie

Why store session data in cookies?

  • Its fast, you don't need to hit the filesystem or a database to look up session data
  • It scales easily. You don't need to worry about sticky-sessions when load-balancing across multiple nodes.
  • No server-side persistence requirements

Caveats

  • You can only store 4k of data in a cookie
  • Higher-bandwidth requirements, since the cookie is sent to the server with every request.

In summary: don't use cookie storage if you keep a lot of data in your sessions!

You can’t perform that action at this time.