
auth.sessions

Samuel S. Donovan edited this page Feb 2, 2022 · 15 revisions

`auth.sessions` is responsible for maintaining a list of sessions and information regarding them. By default, `auth.sessions` is set to an instance of `SessionManager`.

The default SessionManager only uses in-memory storage, and so shutting down the server will cause data to be lost.

As with the other managers, auth.sessions may be set to a developer-provided object, though the new auth.sessions must have the same functions available as the default SessionManager, and they must return the same expected values. Extra functionality may be added with no effect on express-auth.

NOTE: While it is not necessary that custom session models be supported by a developer-provided user manager, it is imperative that the get function returns an object with a userID and an expires field.

Properties & Methods

Method/Property Returns Description

.model


{ 
    "userID": "string",
    "expires": 0,           //in ms
    ...
}

Default model for .add(...).
NOTE: model will always have .userID and .expires. They will be added if not provided.

.purgeInterval


number
Purge interval in ms for when sessions should be iterated through and deleted if expired.

.maxAge


number
Maximum age in ms that a session can last.

.httpOnly


bool
Specifies a session cookie's HttpOnly Set-Cookie attribute

.sameSite


bool
  • true will set the SameSite attribute to Strict for strict same site enforcement.
  • false will not set the SameSite attribute.

string
  • 'lax' will set the SameSite attribute to Lax for lax same site enforcement.
  • 'none' will set the SameSite attribute to None for an explicit cross-site cookie.
  • 'strict' will set the SameSite attribute to Strict for strict same site enforcement.

Specifies the value of the SameSite Set-Cookie attribute, given as a boolean or a string.

.secure


bool
Specifies a session cookie's Secure Set-Cookie attribute


.new(userID, model=this.model,
     maxAge=this.maxAge)


string sessionID if the new session was created.

Creates a new user session.
Regardless of model, model.userID = userID and model.expires = Date.now() + maxAge.

.get(id)


model of the session with the provided id.

undefined if the session does not exist.

false if the session was unable to be retrieved (other).
Retrieves a session.

.all()


[string]
Retrieves a list of all session ids.

.set(id, model)


true if the session was successfully updated.

undefined if the session does not exist.

false if the session was unable to be updated (other).
Updates a session's model.
NOTE: While the model's expires can be updated using this method, it must be defined as a Date.
NOTE: While the model's userID can be updated using this method, it must be defined as a string.

.del(id)


true if the session was deleted.

undefined if the session was not deleted because it did not exist.

false if the session was not deleted (other).

Deletes a session.

.purge()

- Deletes all expired sessions.

.startPeriodicPurging()

- Starts periodically purging expired sessions based on .purgeInterval

.stopPeriodicPurging()

- Stops periodically purging expired sessions
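
A custom manager that satisfies the contract in the table above, as an added example (not express-auth's own code). The class name `MapSessionManager`, the Map-like `store` argument, the property values, and the choice to have `get` report an expired session as missing are assumptions of this example.

```javascript
// Added example: a drop-in object for auth.sessions (not express-auth's own code).
const { randomBytes } = require('node:crypto');

class MapSessionManager {
  constructor(store = new Map()) {
    this.store = store;                       // assumption: any Map-like backend
    this.model = { userID: '', expires: 0 };
    this.purgeInterval = 60 * 1000;           // constructed sample values, in ms
    this.maxAge = 30 * 60 * 1000;
    this.httpOnly = true; this.secure = true; this.sameSite = 'lax';
    this.timer = null;
  }
  new(userID, model = this.model, maxAge = this.maxAge) {
    const id = randomBytes(32).toString('hex'); // 256-bit unguessable session ID
    // userID and expires always override whatever the supplied model carried.
    this.store.set(id, { ...model, userID, expires: Date.now() + maxAge });
    return id;
  }
  get(id) {
    try {
      const s = this.store.get(id);
      if (s === undefined) return undefined;
      // Choice made by this example: an expired session is reported as missing
      // even if the periodic purge has not removed it yet.
      if (Number(s.expires) <= Date.now()) { this.store.delete(id); return undefined; }
      return s;
    } catch (e) { return false; }             // backend failure ("other")
  }
  all() { return [...this.store.keys()]; }
  set(id, model) {
    try {
      if (!this.store.has(id)) return undefined;
      this.store.set(id, model);
      return true;
    } catch (e) { return false; }
  }
  del(id) {
    try { return this.store.delete(id) ? true : undefined; }
    catch (e) { return false; }
  }
  purge() {
    const now = Date.now();
    for (const [id, s] of this.store) if (Number(s.expires) <= now) this.store.delete(id);
  }
  startPeriodicPurging() {
    this.stopPeriodicPurging();
    this.timer = setInterval(() => this.purge(), this.purgeInterval);
    this.timer.unref();                       // do not keep the process alive
  }
  stopPeriodicPurging() { clearInterval(this.timer); this.timer = null; }
}
```

Assign an instance to `auth.sessions` to use it; `Number(s.expires)` lets the expiry comparison work whether `expires` is stored as a millisecond number or as a Date.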
