npm
Sign UpSign In

express-sessionless

0.1.0 • Public • Published

express-sessionless

Persistence less session management for express.

This module acts as a session provider for express based apps. It stores the user's session into a cookie and uses HMAC to sign that data and verify its validity.

It is still work in progress. Remains to be done:

  • there should be 2 TTLs. One for the whole session and another after which a token is renewed.
  • right now, a new session token is generated for every request. Instead, one should only be generated if the session data has changed or if the renewal token has expired.

Usage


var app = require('express')()
var cookieParser = require('cookie-parser')
var SessionLess = require('express-sessionless')

var sessionLess = new SessionLess({
    secret: 'There is no place like 127.0.0.1',
    ttl: 86400, // the expiration time for a cookie
    hmacAlgorithm: 'sha256' // the hashing algorithm
})

app.use(cookieParser()) // required for SessionLess to work
app.use(sessionLess.sessionMiddleware())


app.get('/login', function(req, res) {
  req.session.user = req.body.user
  res.send()
})

server.app.get('/current-user', function(req, res) {
  res.send(req.session.user)
})

server.app.get('/logout', function(req, res) {
  delete req.session
  res.send()
})

app.listen(3000)

Readme

Keywords

none

Package Sidebar

Install

npm i express-sessionless

Weekly Downloads

2

Version

0.1.0

License

none

Last publish

Collaborators

  • nherment
Try on RunKit
Report malware