{ "name": "express-session", "version": "1.0.4", "author": { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca", "url": "http://tjholowaychuk.com" }, "main": "./index.js", "repository": { "type": "git", "url": "git://github.com/expressjs/session.git" }, "dependencies": { "utils-merge": "1.0.0", "cookie": "0.1.2", "cookie-signature": "1.0.3", "uid2": "0.0.3", "buffer-crc32": "0.2.1", "debug": "0.8.1" }, "devDependencies": { "mocha": "~1.17.0", "express": "4.0.0", "supertest": "0.9.0", "should": "3.1.2", "cookie-parser": "1.0.1" }, "scripts": { "test": "mocha --bail --ui bdd --reporter list -- test/*.js" }, "engines": { "node": ">= 0.8.0" }, "license": "MIT", "readme": "THIS REPOSITORY NEEDS A MAINTAINER. IF YOU'RE INTERESTED IN MAINTAINING THIS REPOSITORY, PLEASE LET US KNOW!\n\n# express-session [![Build Status](https://travis-ci.org/expressjs/session.svg)](https://travis-ci.org/expressjs/session) [![NPM version](https://badge.fury.io/js/session.svg)](http://badge.fury.io/js/session)\n\n## API\n\n```js\nvar express = require('express')\n , cookieParser = require('cookie-parser')\n , session = require('express-session')\n , app = express()\n\napp.use(cookieParser()) // required before session.\napp.use(session({ secret: 'keyboard cat', key: 'sid', cookie: { secure: true }}))\n```\n\n\n### session(options)\n\nSetup session store with the given `options`.\n\nSession data is _not_ saved in the cookie itself, however\ncookies are used, so we must use the [cookie-parser](https://github.com/expressjs/cookie-parser)\nmiddleware _before_ `session()`.\n\n#### Options\n\n - `key` - cookie name defaulting to `connect.sid`.\n - `store` - session store instance.\n - `secret` - session cookie is signed with this secret to prevent tampering.\n - `proxy` - trust the reverse proxy when setting secure cookies (via \"x-forwarded-proto\").\n - `cookie` - session cookie settings, defaulting to `{ path: '/', httpOnly: true, secure: false, maxAge: null }`\n\n\n#### Cookie options\n\nPlease note that `secure: true` is a **recommended** option. However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.\nIf for development or other reasons security is not a concern, just use:\n\n```\napp.use(connect.cookieParser())\napp.use(connect.session({ secret: 'keyboard cat', key: 'sid' }))\n```\n\nBy default `cookie.maxAge` is `null`, meaning no \"expires\" parameter is set\nso the cookie becomes a browser-session cookie. When the user closes the\nbrowser the cookie (and session) will be removed.\n\n### req.session\n\nTo store or access session data, simply use the request property `req.session`,\nwhich is (generally) serialized as JSON by the store, so nested objects\nare typically fine. For example below is a user-specific view counter:\n\n```js\napp.use(cookieParser())\napp.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))\n\napp.use(function(req, res, next) {\n var sess = req.session\n if (sess.views) {\n sess.views++\n res.setHeader('Content-Type', 'text/html')\n res.write('

views: ' + sess.views + '

')\n res.write('

expires in: ' + (sess.cookie.maxAge / 1000) + 's

')\n res.end()\n } else {\n sess.views = 1\n res.end('welcome to the session demo. refresh!')\n }\n})\n```\n\n#### Session.regenerate()\n\nTo regenerate the session simply invoke the method, once complete\na new SID and `Session` instance will be initialized at `req.session`.\n\n```js\nreq.session.regenerate(function(err) {\n // will have a new session here\n})\n```\n\n#### Session.destroy()\n\nDestroys the session, removing `req.session`, will be re-generated next request.\n\n```js\nreq.session.destroy(function(err) {\n // cannot access session here\n})\n```\n\n#### Session.reload()\n\nReloads the session data.\n\n```js\nreq.session.reload(function(err) {\n // session updated\n})\n```\n\n#### Session.save()\n\n```js\nreq.session.save(function(err) {\n // session saved\n})\n```\n\n#### Session.touch()\n\nUpdates the `.maxAge` property. Typically this is\nnot necessary to call, as the session middleware does this for you.\n\n### req.session.cookie\n\nEach session has a unique cookie object accompany it. This allows\nyou to alter the session cookie per visitor. For example we can\nset `req.session.cookie.expires` to `false` to enable the cookie\nto remain for only the duration of the user-agent.\n\n#### Cookie.maxAge\n\nAlternatively `req.session.cookie.maxAge` will return the time\nremaining in milliseconds, which we may also re-assign a new value\nto adjust the `.expires` property appropriately. The following\nare essentially equivalent\n\n```js\nvar hour = 3600000\nreq.session.cookie.expires = new Date(Date.now() + hour)\nreq.session.cookie.maxAge = hour\n```\n\nFor example when `maxAge` is set to `60000` (one minute), and 30 seconds\nhas elapsed it will return `30000` until the current request has completed,\nat which time `req.session.touch()` is called to reset `req.session.maxAge`\nto its original value.\n\n```js\nreq.session.cookie.maxAge // => 30000\n```\n\n## Session Store Implementation\n\nEvery session store _must_ implement the following methods\n\n - `.get(sid, callback)`\n - `.set(sid, session, callback)`\n - `.destroy(sid, callback)`\n\nRecommended methods include, but are not limited to:\n\n - `.length(callback)`\n - `.clear(callback)`\n\nFor an example implementation view the [connect-redis](http://github.com/visionmedia/connect-redis) repo.\n", "readmeFilename": "README.md", "description": "THIS REPOSITORY NEEDS A MAINTAINER. IF YOU'RE INTERESTED IN MAINTAINING THIS REPOSITORY, PLEASE LET US KNOW!", "bugs": { "url": "https://github.com/expressjs/session/issues" }, "_id": "express-session@1.0.4", "_from": "express-session@~1.0.4" }