This package has been deprecated

    Author message:

    this package has been deprecated


    1.0.9 • Public • Published


    Lightweight Session management middleware for ExpressJS with garbage collection of timeout session keys.

    Follow this project on github for the newest releases and updates.

    Why another session middleware?

    Beause express-session middleware has purposely made it's Memorystore to leak. express-Session-lw doesn't leak and has automatic hoovering of idle session keys.

    Dont take my word for it:

    (quote from express-session doc) Warning The default server-side session storage, Memory Store , is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.


    • Keys are stored in memory.

    • Garbage collection runs at specified user configurable intervals.

    • Can co-exist with CookieParser middle-ware.

    • Per session settable idle time.

    • Timeout session keys are automatically replaced by new ones , and an empty session store is associated with the new key.


      npm install --save express-session-lw


    functions exported by the module

    function arguments description
    this options object (see next section) Initialize middle-ware
    gc none garbage collector, you can call it explicitly
    getSessionData key (user session key) fetch the session data object belonging to a session key


    const express = require('express');
    var app = express();
    const express_session_lw = require('express-session-lw');
    app.use ( express_session_lw( options ) );

    Options object properties

    Property name Description Default Value
    debug Will show tracing/logging info via console.log false
    globalTimeOut The time for a session to be idle (no browser activity) before the session key is discarded 30 (seconds)
    garbageCollect garbage collector interval to hoover up , timed out session keys 500 (seconds)
    sessionKeyName The name of the cookie to be used as session key "lw_session_id"

    Basic usage

    const express = require('express');
    var app = express();
    const express_session_lw = require('express-session-lw');
    const session_middleware = express_session_lw({
         // clean up session keys that have been idle for 3 hours
        // garbage collect timed-out session keys every 60 seconds
        garbageCollect: 60,
        // name of the cookie to hold the session key

    Example use of garbage collector and session data fetch outside of express middleware.

    // explicity call the garbage collector
    // fetch from global memory store,
    // the session related storage object using the session key.
    var session_data = express_session_lw.getSessionData( key );


    The object property session_data is automatically added to the request object, with the following properties

    property name Description
    key key value as (string)
    last_access integer unix timestamp of the last time this session key was used.

    Adjust max idle time on a per session basis

    Add the property timeout to the request object and will override globalTimeOut in the option object used to initialize the middleware

    Adding data to the session:

    Just add your own custom properties to the request.session_data object.

    app.get("/login" , function (req, send, next) {
      // these properties always exist,
      console.log(req.session_data.key); // print out my session key
      console.log(req.session_data.last_access); // print out the last usage
      // add new session properties
      req.session_data.shopcart = [ 'item1', 'item2','item3'];


    npm i express-session-lw

    DownloadsWeekly Downloads






    Last publish


    • jacobbogers