express-session-lw v1.0.9
express-session-lw
Lightweight Session management middleware for ExpressJS with garbage collection of timeout session keys.
Follow this project on github for the newest releases and updates.
Why another session middleware?
Beause express-session middleware has purposely made it's Memorystore
to leak. express-Session-lw
doesn't leak and has automatic hoovering of idle session keys.
Dont take my word for it:
(quote from express-session doc) Warning The default server-side session storage, Memory Store , is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.
Features
Keys are stored in memory.
Garbage collection runs at specified user configurable intervals.
Can co-exist with CookieParser middle-ware.
Per session settable idle time.
Timeout session keys are automatically replaced by new ones , and an empty session store is associated with the new key.
Install
npm install --save express-session-lw
API
functions exported by the module
function | arguments | description |
---|---|---|
this | options object (see next section) | Initialize middle-ware |
gc | none | garbage collector, you can call it explicitly |
getSessionData | key (user session key) | fetch the session data object belonging to a session key |
Initializing
const express = require('express');
var app = express();
const express_session_lw = require('express-session-lw');
app.use ( express_session_lw( options ) );
.
Options
object properties
Property name | Description | Default Value |
---|---|---|
debug | Will show tracing/logging info via console.log | false |
globalTimeOut | The time for a session to be idle (no browser activity) before the session key is discarded | 30 (seconds) |
garbageCollect | garbage collector interval to hoover up , timed out session keys | 500 (seconds) |
sessionKeyName | The name of the cookie to be used as session key | "lw_session_id" |
Basic usage
const express = require('express');
var app = express();
const express_session_lw = require('express-session-lw');
const session_middleware = express_session_lw({
debug:false,
// clean up session keys that have been idle for 3 hours
globalTimeOut:3600*3,
// garbage collect timed-out session keys every 60 seconds
garbageCollect: 60,
// name of the cookie to hold the session key
sessionKeyName:"__SESSION_LW"
});
app.use(session_middleware);
Example use of garbage collector and session data fetch outside of express middleware.
// explicity call the garbage collector
express_session_lw.gc();
// fetch from global memory store,
// the session related storage object using the session key.
var session_data = express_session_lw.getSessionData( key );
Request.session_data
The object property session_data
is automatically added to the request object, with the following properties
property name | Description |
---|---|
key | key value as (string) |
last_access | integer unix timestamp of the last time this session key was used. |
Adjust max idle time on a per session basis
Add the property timeout
to the request object and will override globalTimeOut
in the option object used to initialize the middleware
Adding data to the session:
Just add your own custom properties to the request.session_data
object.
app.get("/login" , function (req, send, next) {
..
..
// these properties always exist,
console.log(req.session_data.key); // print out my session key
console.log(req.session_data.last_access); // print out the last usage
// add new session properties
req.session_data.shopcart = [ 'item1', 'item2','item3'];
..
..
});