Nibbling Pastry Monster


    1.0.10 • Public • Published


    Hard to say; easy to use.

    redis-sesh is a redis based session store which is pretty much as simple as possible. Probably too simple.


       set: function(id, callback){},
       get: function(session, callback){},
       liv: function(session, callback){},
       die: function(session, callback){}

    To use:

    Make sure you have node, npm and redis.

    npm install redis-sesh --save --save-exact (You do use --save-exact, right?)

    var redis = request("redis"); // don't forget to run: `npm install redis --save --save-exact`
    // `createClient` takes some options. Make sure you configure it to actually work for your setup.
    var redisClient = redis.createClient();
    var RedisSesh = request("redis-sesh");
    var ttl = 86400; // The ttl argument is optional. Leave it off (or set to 0) for never-expiring sessions *
    var sesh = new RedisSesh(redisClient, "sesh", ttl);
    var id = 1337; // this is the thing you want to 
    sesh.set(id, function(err, sessionId){
        if(err){/*always make sure you handle your errors, folks*/}
        console.log("Look at my session id: %s!, sessionId);
    var sessionId = "some session id previously generated by redis-sesh";
    // get the "id" for the sessionId
    sesh.get(sessionId, function(err, userId){
        console.log("Look at my user id: %s!, userId);
    // make the session last longer (resets expiration to the ttl value):
    sesh.liv(sessionId, function(err){
        console.log("Um, it's done I guess");
    // This kills the crab, er, session.
    sesh.die(sessionId, function(err){
        console.log("The session should be gone now");

    But are the session ids secure?

    It generates 32 bytes of cryptographically random data for the session and converts it to base64. That's 3 nonillion possible combinations, or 3 thousand billion billion billion.

    It basically does something like this: crypto.randomBytes(32).toString("base64");. Ok, not basically, that's what it does.

    Additionally, redis-sesh checks for session id collisions (via setnx) and recomputes a new session id automatically if a collision is found (there is still a chance a session id could have expired but the user still has it, then redis-sesh creates an idential session id, and the old user then visits again. But there is also a chance that you'll get hit by a duck made of pure gold that has the winning lottery numbers engraved on it's beak, but I digress).

    Something to know:

    redis-sesh doesn't validate anything you pass to it. It won't (de)serialize anything for you. It won't even check if you supplied a callback function or not.



    npm i redis-sesh

    DownloadsWeekly Downloads






    Last publish


    • davidmurdoch