ec6f156 @caolan updated README
authored
# Cookie-Sessions

Secure cookie-based session middleware for
[Connect](http://github.com/senchalabs/connect). This is a new module and I
wouldn't recommend it for production use just yet.

Session data is stored on the request object in the 'session' property:

    var connect = require('connect'),
        sessions = require('cookie-sessions');

    connect.createServer(
        // session middleware; '123abc' is only a sample secret
        sessions({secret: '123abc'}),
        function(req, res, next){
            // session data lives on the request object
            req.session = {'hello':'world'};
            res.writeHead(200, {'Content-Type':'text/plain'});
            res.end('session data updated');
        }
    ).listen(8080);

The session data is JSON.stringified, encrypted and timestamped, then a HMAC
signature is attached to test for tampering. The main function accepts a
number of options:

* secret -- The secret to encrypt the session data with
* timeout -- The amount of time in milliseconds before the cookie expires
  (default: 24 hours)
* session_key -- The cookie key name to store the session data in
  (default: _node)
* path -- The path to use for the cookie (default: '/')
* domain -- (optional) Define a specific domain/subdomain scope for the cookie

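The stringify, encrypt, timestamp and HMAC pipeline described above, as an added example. This is not the module's own code: the cookie layout, AES-256-CBC, HMAC-SHA256, the key derivation and the names `seal`/`unseal` are assumptions made for illustration.

```javascript
// Added illustration, not cookie-sessions' implementation.
// Assumed cookie layout: <timestamp>.<iv hex>.<ciphertext hex>.<hmac hex>
const crypto = require('crypto');

const DAY_MS = 24 * 60 * 60 * 1000; // the README's default timeout

// Derive separate 32-byte keys for encryption and for the MAC from one secret.
function deriveKey(secret, label) {
  return crypto.createHmac('sha256', secret).update(label).digest();
}

function sign(secret, body) {
  return crypto.createHmac('sha256', deriveKey(secret, 'mac')).update(body).digest('hex');
}

// Serialise -> encrypt -> timestamp -> HMAC over everything (encrypt-then-MAC).
function seal(session, secret, now = Date.now()) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', deriveKey(secret, 'enc'), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(session), 'utf8'), cipher.final()]);
  const body = [now, iv.toString('hex'), ct.toString('hex')].join('.');
  return body + '.' + sign(secret, body);
}

// Returns the session object, or null if malformed, tampered with or expired.
function unseal(cookie, secret, timeout = DAY_MS, now = Date.now()) {
  const parts = String(cookie).split('.');
  if (parts.length !== 4) return null;
  const [ts, ivHex, ctHex, mac] = parts;
  const expected = Buffer.from(sign(secret, parts.slice(0, 3).join('.')));
  const given = Buffer.from(mac);
  // Check the HMAC in constant time before decrypting or parsing anything.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // The timestamp is covered by the HMAC, so a client cannot extend its own session.
  const age = now - Number(ts);
  if (!(age >= 0 && age <= timeout)) return null;
  const decipher = crypto.createDecipheriv('aes-256-cbc', deriveKey(secret, 'enc'),
                                           Buffer.from(ivHex, 'hex'));
  const plain = Buffer.concat([decipher.update(Buffer.from(ctHex, 'hex')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}
```
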
## Why store session data in cookies?

* It's fast, you don't need to hit the filesystem or a database to look up
  session data
* It scales easily. You don't need to worry about sticky-sessions when
  load-balancing across multiple nodes.
* No server-side persistence requirements

## Caveats

* You can only store 4k of data in a cookie
* Higher-bandwidth requirements, since the cookie is sent to the server with
  every request.

__In summary:__ don't use cookie storage if you keep a lot of data in your
sessions!