0.1.6 • Published 4 years ago
session.js v0.1.6
Session.js:
A simple node.js express.js session manager.
Installation (npm):
Session.js is avaliable through npm.
$ npm install session.jsFeatures:
Security
By default, the JSON data that is inside the session cookie is encrypted. If you want to prevent the user from tampering with their session, you can provide the option to sign the session.
Customizable:
This library has many options to customize your session. You can choose a name for the session, make an encryption secret, sign the session cookie, and set the cookie options for your session. In addition, if you want extra security and encryption, you can make your own algorithm and send the encrypted data to this session management tool.
Flexibility:
You can use this library with either vanilla node or express.
Initiation in express:
const express = require('express')
, Session = require('session.js')
, app = express();
app.use((req, res, next) => {
req.session = new Session(req, res, {
name: 'SESS', //defaults to this but you can name the session cookie whatever you like
secret: 'keyboard cat', //used to encrypt JSON data in the cookie. Make this a very long random string to make a secure session.
signed: false, //recommended to make this value true. Signs the session cookie so the user won't be able to edit the session.
signature_secret: 'keyboard cat V2', //if signed equals true, then this is VERY recommended. Should be a long random string.
cookie: { //all the cookie options for the session cookie. See https://www.npmjs.com/package/cookies for more details
maxAge: null,
path: '/',
secure: false,
httpOnly: true,
sameSite: 'strict'
}
});
next();
});Initiation in vanilla node:
const http = require('http')
, Session = require('session.js');
http.createServer((req, res) => {
req.session = new Session(req, res, {
name: 'SESS', //defaults to this but you can name the session cookie whatever you like
secret: 'keyboard cat', //used to encrypt JSON data in the cookie. Make this a very long random string to make a secure session.
signed: false, //recommended to make this value true. Signs the session cookie so the user won't be able to edit the session.
signature_secret: 'keyboard cat V2', //if signed equals true, then this is VERY recommended. Should be a long random string.
cookie: { //all the cookie options for the session cookie. See https://www.npmjs.com/package/cookies for more details
maxAge: null,
path: '/',
secure: false,
httpOnly: true,
sameSite: 'strict'
}
});
}).listen(8080);Usage:
req.session.set('key', 'value') //sets a value in the session
req.session.fetch('key') //fetches the value of an item in the session (in this case it fetches the value of 'key')
req.session.fetchAll() //fetches all values in a JSON format
req.session.erase('key') //erases the value of an item (in this case it erases the value of 'key')
req.session.dump() //erases the entire session
req.session.snatch('key') //fetches the value of an item and also erases that item (in this case it snatches the value of key)
req.session.verify() //checks if the session cookie has been tampered with, if it has been tampered it dumps the session and returns false, if the session has not been tampered with, it returns true
req.session.fetchJSON('key') //fetches 'key' and turns it into a JSON object, this means that instead of returning 'value', it returns "{"key": "value"}". NOTE: you must use JSON.parse() to actually edit the returned object
req.session.pushOn.array('key', 'value') //pushes 'value' onto the array 'key', if 'key' is not an array this will not work
req.session.pushOn.object('key.subkey', 'value') //sets the value of 'subkey' inside of the object 'key' to be 'value', you can add multiple subkeys, i.e. 'key.subkey.subsubkey.subsubsubkey', 'value'