npm
Sign UpSign In

This package has been deprecated

Author message:

This package has been deprecated. Use @kth/session instead

kth-node-session

2.0.4 • Public • Published

kth-node-session Build Status

A Node.js module for setting up session middleware for Express.js apps.

Enforces certain defaults that should improve security related to sessions.

Available session options: https://www.npmjs.com/package/express-session

Available Redis options: https://www.npmjs.com/package/connect-redis

Usage

const express = require('express')
const session = require('kth-node-session')

const app = express()

const options = {
  // set to true to enable session storage in RedisStore
  // default is to use MemoryStore
  useRedis: false,

  // this is used as redis prefix and session cookie name
  // must be set here or as individual settings for redis (prefix) and session (name)
  key: 'node-app.sid',

  // https://www.npmjs.com/package/connect-redis
  redisOptions: {
    // ...
  },

  // https://www.npmjs.com/package/express-session
  sessionOptions: {
    // secret must be set!
    secret: 'my-secret-string',

    // this should not be set when enabling Redis
    // or if using the default value
    store: null,
  },
}

app.use(session(options))

Default cookie settings

The cookie has the following defult settings but each value can be overridden if needed:

cookie: {
  secure: true,
  httpOnly: true,
  sameSite: 'Lax',
  path: '/'
},

The path attribute is preferably set to a more specific path so the cookie only is available where it´s needed.

Dependencies (5)

Dev Dependencies (6)

Package Sidebar

Install

npm i kth-node-session

Repository

github.com/KTH/kth-node-session

Homepage

github.com/KTH/kth-node-session#readme

Weekly Downloads

2

Version

2.0.4

License

MIT

Unpacked Size

5.2 kB

Total Files

4

Last publish

Collaborators

  • kth-stratus
  • mictsi
  • n_sandstrom
  • kthwebmaster
  • exacs
  • ssundkvist
  • kth-ci
  • emilstenberg
Try on RunKit
Report malware