-
Notifications
You must be signed in to change notification settings - Fork 0
auth.sessions
Samuel S. Donovan edited this page Dec 10, 2022
·
15 revisions
auth.sessions is responsible for maintaining a list of sessions and information regarding them. By default, auth.sessions is set to an instance of SessionManager.
The default SessionManager only uses in-memory storage, so shutting down the server will cause all data to be lost.
As with the other managers, auth.sessions may be set to a developer-provided object, though it is necessary that the new auth.sessions has the required functions (see table below). Extra functionality may be added with no affect to express-cookie-session-auth.
☆ This method or property a requirement when providing your own implementation
| Method/Property | Returns/Type | Description | |
|---|---|---|---|
| ☆ |
{
"userID": "string",☆
"expires": 0, ☆ //in ms
...
}
|
Default model for .new(...).NOTE: Internally, model will always have .userID and .expires. They will be added during new() and set() if not provided.
|
|
number
|
Purge interval in ms for when sessions should be iterated through and deleted if expired. | ||
| ☆ |
number
|
Maximum age in ms that a session can last. | |
| ☆ |
bool
|
Specifies a session cookie's HttpOnly Set-Cookie attribute
|
|
| ☆ |
bool
string
|
Specifies the boolean or string to be the value for the SameSite Set-Cookie attribute |
|
| ☆ |
bool
|
Specifies a session cookie's Secure Set-Cookie attribute
|
|
| ☆ |
string sessionID if the new session was created. |
Creates a new user session. Regardless of model, model.userID = userID and model.expires = Date.now() + maxAge.NOTE: There is no validation of userID: adding an ID not in auth.users will still work.
|
|
| ☆ |
model of the session with the provided id.undefined if the session does not exist.false if the session was unable to be retrieved (other).
|
Retrieves a session. NOTE: This function must always return an object with an userID and expires.
|
Retrieves a session. |
[string]
|
Retrieves a list of all session ids. |
||
| ☆ |
true if the session was successfully updated.undefined if the session does not exist.false if the session was unable to be updated (other).
|
Updates a session's model.NOTE: While the model's expires can be updated using this method, it must be defined as a Date.NOTE: While the model's userID can be updated using this method, it must be defined as a string. |
|
| ☆ |
true if the session was deleted.undefined if the session was not deleted because it did not exist.false if the session was not deleted (other). |
Deletes a session. | |
| - | Deletes all expired sessions. | ||
| - |
Starts periodically purging expired sessions based on .purgeInterval.Called in constructor. |
||
| - | Stops periodically purging expired sessions |