express-single-session v1.0.0

express-single-session

Express middleware that enforces a single session per user.

Example

var express = require("express")
  , enforceSingleSession = require("express-single-session")("_id")

var app = express()

app.use(express.session())

function loginMiddleware (req, res, next) {
  // Login your user here - this could be passportjs or whatever
  // Set req.user to be the logged in user
  next()
}

app.post("/login", loginMiddleware, enforceSingleSession, function (req, res) {
  return res.json({message: "Authentication success"})
})

Usage

Create a new single session middleware function:

var enforceSingleSession = require("express-single-session")()

Pass the id field on your user object if different to "_id":

var enforceSingleSession = require("express-single-session")("id")

Ensure the middleware that logs in your user adds your logged in user object to req.user.

The module stores a map of user ID's to session ID's. When a user is logged in, the module removes the express session (from req.sessionStore.sessions) with the session ID it has stored and associates the current req.sessionID with that user.