A redis session for Koa that creates sets for specific values.
Use-case: you want to know all the sessions related to a user so that if the user resets his/her password, you destroy all the sessions. NOTE: for expiring sessions, this is not optimal. However, you may still use this library as a redis hash-based solution without cross references.
Specifics:
- Stores sessions as hash sets
- Stores cross references as sets
- Functional API
const Koa = require('koa')
const client = require('ioredis').createClient()
const app = new Koa()
const Session = require('koa-redis-session-sets')(app, {
client,
references: {
user_id: {}
}
})
app.use(Session)
app.use(async (ctx, next) => {
// get the session
let session = await ctx.session.get()
// update the session
await ctx.session.set({
user_id: 1
})
// get the session object with latest keys
session = await ctx.session.get()
ctx.status = 204
})
Here's an example of deleting all the sessions associated with user_id: 1
.
You have to do it yourself because handling it would be too opinionated.
Specifically, if this set is possibly large, you'd want to use SSCAN
.
const key = Session.getReferenceKey('user_id', 1)
try {
const session_ids = await client.smembers(key)
await Promise.all(session_ids.map(session_id => {
// deletes the session and removes the session from all the referenced sets
return Session.store.delete(session_id)
}))
} catch (err) {
console.error(err.stack)
process.exit(1)
}
- Lead: @jonathanong @jongleberry
Creates a new session middleware instance.
Options:
client
-ioredis
clientreferences
- fields to referencemaxAge
- max age of sessions, defaulting to28 days
prefix
- optional key prefixbyteLength
- optional byte length for CSRF tokens
Use the session middleware in your app. Note that this is a very simple function and middleware is not required. Look at the source code to understand how simple it is.
Create your own session object from a context.
Get the key
for a redis set
that contains all the session ids related to a field:value
pair.
Use client.smembers(key)
to get all the session ids.
Session is ctx.session
.
Get the key for the redis hash
for use with client.hgetall(key)
.
Get the session, optionally with select fields.
Set specific fields in the session. Does not return the new session.
Remove specific fields in the session. Does not return the new session.
Update the session, updating the cookies and the session expire time.
Deletes the session.
Does not create a new one.
Execute const session = await ctx.session.get()
to create a new one
Create a CSRF token.
Returns a boolean of whether a CSRF token is valid.
The Store
is the underlying redis logic of the session.