-
Notifications
You must be signed in to change notification settings - Fork 0
auth.sessions
auth.sessions is responsible for maintaining a list of sessions and information regarding them. By default, auth.sessions is set to an instance of SessionManager.
The default SessionManager only uses in-memory storage, and so shutting down the server will cause data to be lost.
As with the other managers, auth.sessions may be set to a developer-provided object, though it is necessary that the new auth.sessions has the same functions available as the default SessionManager, and that they return the same expected values. Extra functionality may be added with no affect to express-auth.
NOTE: While it is not necessary that custom session models be supported by a developer provided user manager, it is imperative that the get function returns an object with an userID and expires field.
| Method/Property | Returns/Type | Description |
|---|---|---|
{
"userID": "string",
"expires": 0, //in ms
...
}
|
Default model for .new(...).NOTE: Internally, model will always have .userID and .expires. They will be added during new() and set() if not provided.
|
|
number
|
Purge interval in ms for when sessions should be iterated through and deleted if expired. | |
number
|
Maximum age in ms that a session can last. | |
bool
|
Specifies a session cookie's HttpOnly Set-Cookie attribute
|
|
bool
string
|
Specifies the boolean or string to be the value for the SameSite Set-Cookie attribute |
|
bool
|
Specifies a session cookie's Secure Set-Cookie attribute
|
|
string sessionID if the new session was created. |
Creates a new user session. Regardless of model, model.userID = userID and model.expires = Date.now() + maxAge.NOTE: There is no validation of userID: adding an ID not in auth.users will still work.
|
|
model of the session with the provided id.undefined if the session does not exist.false if the session was unable to be retrieved (other).
|
Retrieves a session. | |
[string]
|
Retrieves a list of all session ids. |
|
true if the session was successfully updated.undefined if the session does not exist.false if the session was unable to be updated (other).
|
Updates a session's model.NOTE: While the model's expires can be updated using this method, it must be defined as a Date.NOTE: While the model's userID can be updated using this method, it must be defined as a string. |
|
true if the session was deleted.undefined if the session was not deleted because it did not exist.false if the session was not deleted (other). |
Deletes a session. | |
| - | Deletes all expired sessions. | |
| - | Starts periodically purging expired sessions based on .purgeInterval
|
|
| - | Stops periodically purging expired sessions |