@forrestjs/service-express-session

ForrestJS service which provides the basics to handle a session in Express.

Inject an Express middleware that provides means to handle a session as a JWT that is stored ad a Cookie or can be exchanged as a header.

Usage

await req.session.start()
await req.session.destroy()
await req.session.set({ foo: 123, name: 'Marco' })
await req.session.get('id')
await req.session.unset([ 'foo', 'name' ])

get/set

Those methods allow yo

Configuration

express.session.autoStart

default: true

If there is no running session, a new session will be generated on the fly and the req object decorated accordingly.

express.session.autoExtend

default: true

If true, the session expiry time will be refreshed and a new JWT released either via Cookie or response header.

express.session.duration

default: 20m

Default duration of an inactive session (or if autoExtend === false).

express.session.attributeName

default: session

Property name that is used to decorate req and res.

express.session.setHeader

default: false

express.session.headerName

default: X-session-Id

express.session.useCookies

default: true

express.session.cookieName

default: session-id

express.session.useClientCookie

default: false

If set to true a client accessible cookie will be used. This option is actually discouraged for security reasons as it makes it vulnerable to a session spoofing attack.

express.session.uuidVersion

default: v4