Skip to content
Redis session store for Connect with encryption support
Branch: master
Clone or download
Pull request Compare This branch is 77 commits ahead, 2 commits behind tj:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bench
lib
test
.eslintrc
.gitignore
History.md
Readme.md
index.js
package.json

Readme.md

npm Dependencies Downloads

connect-redis-crypto (fork of connect-redis) is a Redis session store backed by node_redis, and is insanely fast :). Requires redis >= 2.0.0 for the SETEX command.

Setup

npm install connect-redis-crypto express-session

Pass the express-session store into connect-redis to create a RedisStore constructor.

var session = require('express-session');
var RedisStore = require('connect-redis')(session);

// To enable crypto you must define a secret for the `RedisStore`
var options = {
  secret: 'squirrel'
};

app.use(session({
    store: new RedisStore(options),
    secret: 'keyboard cat'
}));

Options

A Redis client is required. An existing client can be passed directly using the client param or created for you using the host, port, or socket params. - client An existing client - host Redis server hostname - port Redis server portno - socket Redis server unix_socket - url Redis server url

The following additional params may be included:

  • ttl Redis session TTL (expiration) in seconds
  • disableTTL Disables setting TTL, keys will stay in redis until evicted by other means (overides ttl)
  • db Database index to use
  • pass Password for Redis authentication
  • prefix Key prefix defaulting to "sess:"
  • unref Set true to unref the Redis client. Warning: this is an experimental feature.
  • serializer An object containing stringify and parse methods compatible with Javascript's JSON to override the serializer used
  • logErrors Whether or not to log client errors. (default: false)
    • If true, a default logging function (console.error) is provided.
    • If a function, it is called anytime an error occurs (useful for custom logging)
    • If false, no logging occurs.
  • secret Encryption secret (setting this will enable transparent encryption functionality)
  • algorithm Symmetric encryption algorithm (defaults to aes-256-gcm)
  • hashing Hashing algorithm to use for HMAC of ciphertext (defaults to sha512)
  • encodeas Default encoding of cipher text for storage (defaults to hex)

Any options not included in this list will be passed to the redis createClient() method directly.

Custom Redis clients

Clients other than node_redis will work if they support the same interface. Just pass the client instance as the client configuration option. Known supported clients include:

  • ioredis - adds support for Redis Sentinel and Cluster

FAQ

How do I handle lost connections to Redis?

By default, the node_redis client will auto-reconnect when a connection is lost. But requests may come in during that time. In express, one way this scenario can be handled is including a "session check" after setting up a session (checking for the existence of req.session):

app.use(session( /* setup session here */ ))
app.use(function (req, res, next) {
  if (!req.session) {
    return next(new Error('oh no')) // handle error
  }
  next() // otherwise continue
})

If you want to retry, here is another option.

License

MIT

You can’t perform that action at this time.