Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

README.md 35KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823
  1. # express-session
  2. [![NPM Version][npm-version-image]][npm-url]
  3. [![NPM Downloads][npm-downloads-image]][node-url]
  4. [![Build Status][travis-image]][travis-url]
  5. [![Test Coverage][coveralls-image]][coveralls-url]
  6. ## Installation
  7. This is a [Node.js](https://nodejs.org/en/) module available through the
  8. [npm registry](https://www.npmjs.com/). Installation is done using the
  9. [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
  10. ```sh
  11. $ npm install express-session
  12. ```
  13. ## API
  14. ```js
  15. var session = require('express-session')
  16. ```
  17. ### session(options)
  18. Create a session middleware with the given `options`.
  19. **Note** Session data is _not_ saved in the cookie itself, just the session ID.
  20. Session data is stored server-side.
  21. **Note** Since version 1.5.0, the [`cookie-parser` middleware](https://www.npmjs.com/package/cookie-parser)
  22. no longer needs to be used for this module to work. This module now directly reads
  23. and writes cookies on `req`/`res`. Using `cookie-parser` may result in issues
  24. if the `secret` is not the same between this module and `cookie-parser`.
  25. **Warning** The default server-side session storage, `MemoryStore`, is _purposely_
  26. not designed for a production environment. It will leak memory under most
  27. conditions, does not scale past a single process, and is meant for debugging and
  28. developing.
  29. For a list of stores, see [compatible session stores](#compatible-session-stores).
  30. #### Options
  31. `express-session` accepts these properties in the options object.
  32. ##### cookie
  33. Settings object for the session ID cookie. The default value is
  34. `{ path: '/', httpOnly: true, secure: false, maxAge: null }`.
  35. The following are options that can be set in this object.
  36. ##### cookie.domain
  37. Specifies the value for the `Domain` `Set-Cookie` attribute. By default, no domain
  38. is set, and most clients will consider the cookie to apply to only the current
  39. domain.
  40. ##### cookie.expires
  41. Specifies the `Date` object to be the value for the `Expires` `Set-Cookie` attribute.
  42. By default, no expiration is set, and most clients will consider this a
  43. "non-persistent cookie" and will delete it on a condition like exiting a web browser
  44. application.
  45. **Note** If both `expires` and `maxAge` are set in the options, then the last one
  46. defined in the object is what is used.
  47. **Note** The `expires` option should not be set directly; instead only use the `maxAge`
  48. option.
  49. ##### cookie.httpOnly
  50. Specifies the `boolean` value for the `HttpOnly` `Set-Cookie` attribute. When truthy,
  51. the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly`
  52. attribute is set.
  53. **Note** be careful when setting this to `true`, as compliant clients will not allow
  54. client-side JavaScript to see the cookie in `document.cookie`.
  55. ##### cookie.maxAge
  56. Specifies the `number` (in milliseconds) to use when calculating the `Expires`
  57. `Set-Cookie` attribute. This is done by taking the current server time and adding
  58. `maxAge` milliseconds to the value to calculate an `Expires` datetime. By default,
  59. no maximum age is set.
  60. **Note** If both `expires` and `maxAge` are set in the options, then the last one
  61. defined in the object is what is used.
  62. ##### cookie.path
  63. Specifies the value for the `Path` `Set-Cookie`. By default, this is set to `'/'`, which
  64. is the root path of the domain.
  65. ##### cookie.sameSite
  66. Specifies the `boolean` or `string` to be the value for the `SameSite` `Set-Cookie` attribute.
  67. - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
  68. - `false` will not set the `SameSite` attribute.
  69. - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
  70. - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
  71. More information about the different enforcement levels can be found in the specification
  72. https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1.1
  73. **Note** This is an attribute that has not yet been fully standardized, and may change in
  74. the future. This also means many clients may ignore this attribute until they understand it.
  75. ##### cookie.secure
  76. Specifies the `boolean` value for the `Secure` `Set-Cookie` attribute. When truthy,
  77. the `Secure` attribute is set, otherwise it is not. By default, the `Secure`
  78. attribute is not set.
  79. **Note** be careful when setting this to `true`, as compliant clients will not send
  80. the cookie back to the server in the future if the browser does not have an HTTPS
  81. connection.
  82. Please note that `secure: true` is a **recommended** option. However, it requires
  83. an https-enabled website, i.e., HTTPS is necessary for secure cookies. If `secure`
  84. is set, and you access your site over HTTP, the cookie will not be set. If you
  85. have your node.js behind a proxy and are using `secure: true`, you need to set
  86. "trust proxy" in express:
  87. ```js
  88. var app = express()
  89. app.set('trust proxy', 1) // trust first proxy
  90. app.use(session({
  91. secret: 'keyboard cat',
  92. resave: false,
  93. saveUninitialized: true,
  94. cookie: { secure: true }
  95. }))
  96. ```
  97. For using secure cookies in production, but allowing for testing in development,
  98. the following is an example of enabling this setup based on `NODE_ENV` in express:
  99. ```js
  100. var app = express()
  101. var sess = {
  102. secret: 'keyboard cat',
  103. cookie: {}
  104. }
  105. if (app.get('env') === 'production') {
  106. app.set('trust proxy', 1) // trust first proxy
  107. sess.cookie.secure = true // serve secure cookies
  108. }
  109. app.use(session(sess))
  110. ```
  111. The `cookie.secure` option can also be set to the special value `'auto'` to have
  112. this setting automatically match the determined security of the connection. Be
  113. careful when using this setting if the site is available both as HTTP and HTTPS,
  114. as once the cookie is set on HTTPS, it will no longer be visible over HTTP. This
  115. is useful when the Express `"trust proxy"` setting is properly setup to simplify
  116. development vs production configuration.
  117. ##### genid
  118. Function to call to generate a new session ID. Provide a function that returns
  119. a string that will be used as a session ID. The function is given `req` as the
  120. first argument if you want to use some value attached to `req` when generating
  121. the ID.
  122. The default value is a function which uses the `uid-safe` library to generate IDs.
  123. **NOTE** be careful to generate unique IDs so your sessions do not conflict.
  124. ```js
  125. app.use(session({
  126. genid: function(req) {
  127. return genuuid() // use UUIDs for session IDs
  128. },
  129. secret: 'keyboard cat'
  130. }))
  131. ```
  132. ##### name
  133. The name of the session ID cookie to set in the response (and read from in the
  134. request).
  135. The default value is `'connect.sid'`.
  136. **Note** if you have multiple apps running on the same hostname (this is just
  137. the name, i.e. `localhost` or `127.0.0.1`; different schemes and ports do not
  138. name a different hostname), then you need to separate the session cookies from
  139. each other. The simplest method is to simply set different `name`s per app.
  140. ##### proxy
  141. Trust the reverse proxy when setting secure cookies (via the "X-Forwarded-Proto"
  142. header).
  143. The default value is `undefined`.
  144. - `true` The "X-Forwarded-Proto" header will be used.
  145. - `false` All headers are ignored and the connection is considered secure only
  146. if there is a direct TLS/SSL connection.
  147. - `undefined` Uses the "trust proxy" setting from express
  148. ##### resave
  149. Forces the session to be saved back to the session store, even if the session
  150. was never modified during the request. Depending on your store this may be
  151. necessary, but it can also create race conditions where a client makes two
  152. parallel requests to your server and changes made to the session in one
  153. request may get overwritten when the other request ends, even if it made no
  154. changes (this behavior also depends on what store you're using).
  155. The default value is `true`, but using the default has been deprecated,
  156. as the default will change in the future. Please research into this setting
  157. and choose what is appropriate to your use-case. Typically, you'll want
  158. `false`.
  159. How do I know if this is necessary for my store? The best way to know is to
  160. check with your store if it implements the `touch` method. If it does, then
  161. you can safely set `resave: false`. If it does not implement the `touch`
  162. method and your store sets an expiration date on stored sessions, then you
  163. likely need `resave: true`.
  164. ##### rolling
  165. Force a session identifier cookie to be set on every response. The expiration
  166. is reset to the original [`maxAge`](#cookiemaxage), resetting the expiration
  167. countdown.
  168. The default value is `false`.
  169. **Note** When this option is set to `true` but the `saveUninitialized` option is
  170. set to `false`, the cookie will not be set on a response with an uninitialized
  171. session.
  172. ##### saveUninitialized
  173. Forces a session that is "uninitialized" to be saved to the store. A session is
  174. uninitialized when it is new but not modified. Choosing `false` is useful for
  175. implementing login sessions, reducing server storage usage, or complying with
  176. laws that require permission before setting a cookie. Choosing `false` will also
  177. help with race conditions where a client makes multiple parallel requests
  178. without a session.
  179. The default value is `true`, but using the default has been deprecated, as the
  180. default will change in the future. Please research into this setting and
  181. choose what is appropriate to your use-case.
  182. **Note** if you are using Session in conjunction with PassportJS, Passport
  183. will add an empty Passport object to the session for use after a user is
  184. authenticated, which will be treated as a modification to the session, causing
  185. it to be saved. *This has been fixed in PassportJS 0.3.0*
  186. ##### secret
  187. **Required option**
  188. This is the secret used to sign the session ID cookie. This can be either a string
  189. for a single secret, or an array of multiple secrets. If an array of secrets is
  190. provided, only the first element will be used to sign the session ID cookie, while
  191. all the elements will be considered when verifying the signature in requests.
  192. ##### store
  193. The session store instance, defaults to a new `MemoryStore` instance.
  194. ##### unset
  195. Control the result of unsetting `req.session` (through `delete`, setting to `null`,
  196. etc.).
  197. The default value is `'keep'`.
  198. - `'destroy'` The session will be destroyed (deleted) when the response ends.
  199. - `'keep'` The session in the store will be kept, but modifications made during
  200. the request are ignored and not saved.
  201. ### req.session
  202. To store or access session data, simply use the request property `req.session`,
  203. which is (generally) serialized as JSON by the store, so nested objects
  204. are typically fine. For example below is a user-specific view counter:
  205. ```js
  206. // Use the session middleware
  207. app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  208. // Access the session as req.session
  209. app.get('/', function(req, res, next) {
  210. if (req.session.views) {
  211. req.session.views++
  212. res.setHeader('Content-Type', 'text/html')
  213. res.write('<p>views: ' + req.session.views + '</p>')
  214. res.write('<p>expires in: ' + (req.session.cookie.maxAge / 1000) + 's</p>')
  215. res.end()
  216. } else {
  217. req.session.views = 1
  218. res.end('welcome to the session demo. refresh!')
  219. }
  220. })
  221. ```
  222. #### Session.regenerate(callback)
  223. To regenerate the session simply invoke the method. Once complete,
  224. a new SID and `Session` instance will be initialized at `req.session`
  225. and the `callback` will be invoked.
  226. ```js
  227. req.session.regenerate(function(err) {
  228. // will have a new session here
  229. })
  230. ```
  231. #### Session.destroy(callback)
  232. Destroys the session and will unset the `req.session` property.
  233. Once complete, the `callback` will be invoked.
  234. ```js
  235. req.session.destroy(function(err) {
  236. // cannot access session here
  237. })
  238. ```
  239. #### Session.reload(callback)
  240. Reloads the session data from the store and re-populates the
  241. `req.session` object. Once complete, the `callback` will be invoked.
  242. ```js
  243. req.session.reload(function(err) {
  244. // session updated
  245. })
  246. ```
  247. #### Session.save(callback)
  248. Save the session back to the store, replacing the contents on the store with the
  249. contents in memory (though a store may do something else--consult the store's
  250. documentation for exact behavior).
  251. This method is automatically called at the end of the HTTP response if the
  252. session data has been altered (though this behavior can be altered with various
  253. options in the middleware constructor). Because of this, typically this method
  254. does not need to be called.
  255. There are some cases where it is useful to call this method, for example,
  256. redirects, long-lived requests or in WebSockets.
  257. ```js
  258. req.session.save(function(err) {
  259. // session saved
  260. })
  261. ```
  262. #### Session.touch()
  263. Updates the `.maxAge` property. Typically this is
  264. not necessary to call, as the session middleware does this for you.
  265. ### req.session.id
  266. Each session has a unique ID associated with it. This property is an
  267. alias of [`req.sessionID`](#reqsessionid-1) and cannot be modified.
  268. It has been added to make the session ID accessible from the `session`
  269. object.
  270. ### req.session.cookie
  271. Each session has a unique cookie object accompany it. This allows
  272. you to alter the session cookie per visitor. For example we can
  273. set `req.session.cookie.expires` to `false` to enable the cookie
  274. to remain for only the duration of the user-agent.
  275. #### Cookie.maxAge
  276. Alternatively `req.session.cookie.maxAge` will return the time
  277. remaining in milliseconds, which we may also re-assign a new value
  278. to adjust the `.expires` property appropriately. The following
  279. are essentially equivalent
  280. ```js
  281. var hour = 3600000
  282. req.session.cookie.expires = new Date(Date.now() + hour)
  283. req.session.cookie.maxAge = hour
  284. ```
  285. For example when `maxAge` is set to `60000` (one minute), and 30 seconds
  286. has elapsed it will return `30000` until the current request has completed,
  287. at which time `req.session.touch()` is called to reset
  288. `req.session.cookie.maxAge` to its original value.
  289. ```js
  290. req.session.cookie.maxAge // => 30000
  291. ```
  292. #### Cookie.originalMaxAge
  293. The `req.session.cookie.originalMaxAge` property returns the original
  294. `maxAge` (time-to-live), in milliseconds, of the session cookie.
  295. ### req.sessionID
  296. To get the ID of the loaded session, access the request property
  297. `req.sessionID`. This is simply a read-only value set when a session
  298. is loaded/created.
  299. ## Session Store Implementation
  300. Every session store _must_ be an `EventEmitter` and implement specific
  301. methods. The following methods are the list of **required**, **recommended**,
  302. and **optional**.
  303. * Required methods are ones that this module will always call on the store.
  304. * Recommended methods are ones that this module will call on the store if
  305. available.
  306. * Optional methods are ones this module does not call at all, but helps
  307. present uniform stores to users.
  308. For an example implementation view the [connect-redis](http://github.com/visionmedia/connect-redis) repo.
  309. ### store.all(callback)
  310. **Optional**
  311. This optional method is used to get all sessions in the store as an array. The
  312. `callback` should be called as `callback(error, sessions)`.
  313. ### store.destroy(sid, callback)
  314. **Required**
  315. This required method is used to destroy/delete a session from the store given
  316. a session ID (`sid`). The `callback` should be called as `callback(error)` once
  317. the session is destroyed.
  318. ### store.clear(callback)
  319. **Optional**
  320. This optional method is used to delete all sessions from the store. The
  321. `callback` should be called as `callback(error)` once the store is cleared.
  322. ### store.length(callback)
  323. **Optional**
  324. This optional method is used to get the count of all sessions in the store.
  325. The `callback` should be called as `callback(error, len)`.
  326. ### store.get(sid, callback)
  327. **Required**
  328. This required method is used to get a session from the store given a session
  329. ID (`sid`). The `callback` should be called as `callback(error, session)`.
  330. The `session` argument should be a session if found, otherwise `null` or
  331. `undefined` if the session was not found (and there was no error). A special
  332. case is made when `error.code === 'ENOENT'` to act like `callback(null, null)`.
  333. ### store.set(sid, session, callback)
  334. **Required**
  335. This required method is used to upsert a session into the store given a
  336. session ID (`sid`) and session (`session`) object. The callback should be
  337. called as `callback(error)` once the session has been set in the store.
  338. ### store.touch(sid, session, callback)
  339. **Recommended**
  340. This recommended method is used to "touch" a given session given a
  341. session ID (`sid`) and session (`session`) object. The `callback` should be
  342. called as `callback(error)` once the session has been touched.
  343. This is primarily used when the store will automatically delete idle sessions
  344. and this method is used to signal to the store the given session is active,
  345. potentially resetting the idle timer.
  346. ## Compatible Session Stores
  347. The following modules implement a session store that is compatible with this
  348. module. Please make a PR to add additional modules :)
  349. [![★][aerospike-session-store-image] aerospike-session-store][aerospike-session-store-url] A session store using [Aerospike](http://www.aerospike.com/).
  350. [aerospike-session-store-url]: https://www.npmjs.com/package/aerospike-session-store
  351. [aerospike-session-store-image]: https://badgen.net/github/stars/aerospike/aerospike-session-store-expressjs?label=%E2%98%85
  352. [![★][cassandra-store-image] cassandra-store][cassandra-store-url] An Apache Cassandra-based session store.
  353. [cassandra-store-url]: https://www.npmjs.com/package/cassandra-store
  354. [cassandra-store-image]: https://badgen.net/github/stars/webcc/cassandra-store?label=%E2%98%85
  355. [![★][cluster-store-image] cluster-store][cluster-store-url] A wrapper for using in-process / embedded
  356. stores - such as SQLite (via knex), leveldb, files, or memory - with node cluster (desirable for Raspberry Pi 2
  357. and other multi-core embedded devices).
  358. [cluster-store-url]: https://www.npmjs.com/package/cluster-store
  359. [cluster-store-image]: https://badgen.net/github/stars/coolaj86/cluster-store?label=%E2%98%85
  360. [![★][connect-arango-image] connect-arango][connect-arango-url] An ArangoDB-based session store.
  361. [connect-arango-url]: https://www.npmjs.com/package/connect-arango
  362. [connect-arango-image]: https://badgen.net/github/stars/AlexanderArvidsson/connect-arango?label=%E2%98%85
  363. [![★][connect-azuretables-image] connect-azuretables][connect-azuretables-url] An [Azure Table Storage](https://azure.microsoft.com/en-gb/services/storage/tables/)-based session store.
  364. [connect-azuretables-url]: https://www.npmjs.com/package/connect-azuretables
  365. [connect-azuretables-image]: https://badgen.net/github/stars/mike-goodwin/connect-azuretables?label=%E2%98%85
  366. [![★][connect-cloudant-store-image] connect-cloudant-store][connect-cloudant-store-url] An [IBM Cloudant](https://cloudant.com/)-based session store.
  367. [connect-cloudant-store-url]: https://www.npmjs.com/package/connect-cloudant-store
  368. [connect-cloudant-store-image]: https://badgen.net/github/stars/adriantanasa/connect-cloudant-store?label=%E2%98%85
  369. [![★][connect-couchbase-image] connect-couchbase][connect-couchbase-url] A [couchbase](http://www.couchbase.com/)-based session store.
  370. [connect-couchbase-url]: https://www.npmjs.com/package/connect-couchbase
  371. [connect-couchbase-image]: https://badgen.net/github/stars/christophermina/connect-couchbase?label=%E2%98%85
  372. [![★][connect-datacache-image] connect-datacache][connect-datacache-url] An [IBM Bluemix Data Cache](http://www.ibm.com/cloud-computing/bluemix/)-based session store.
  373. [connect-datacache-url]: https://www.npmjs.com/package/connect-datacache
  374. [connect-datacache-image]: https://badgen.net/github/stars/adriantanasa/connect-datacache?label=%E2%98%85
  375. [![★][@google-cloud/connect-datastore-image] @google-cloud/connect-datastore][@google-cloud/connect-datastore-url] A [Google Cloud Datastore](https://cloud.google.com/datastore/docs/concepts/overview)-based session store.
  376. [@google-cloud/connect-datastore-url]: https://www.npmjs.com/package/@google-cloud/connect-datastore
  377. [@google-cloud/connect-datastore-image]: https://badgen.net/github/stars/GoogleCloudPlatform/cloud-datastore-session-node?label=%E2%98%85
  378. [![★][connect-db2-image] connect-db2][connect-db2-url] An IBM DB2-based session store built using [ibm_db](https://www.npmjs.com/package/ibm_db) module.
  379. [connect-db2-url]: https://www.npmjs.com/package/connect-db2
  380. [connect-db2-image]: https://badgen.net/github/stars/wallali/connect-db2?label=%E2%98%85
  381. [![★][connect-dynamodb-image] connect-dynamodb][connect-dynamodb-url] A DynamoDB-based session store.
  382. [connect-dynamodb-url]: https://www.npmjs.com/package/connect-dynamodb
  383. [connect-dynamodb-image]: https://badgen.net/github/stars/ca98am79/connect-dynamodb?label=%E2%98%85
  384. [![★][@google-cloud/connect-firestore-image] @google-cloud/connect-firestore][@google-cloud/connect-firestore-url] A [Google Cloud Firestore](https://cloud.google.com/firestore/docs/overview)-based session store.
  385. [@google-cloud/connect-firestore-url]: https://www.npmjs.com/package/@google-cloud/connect-firestore
  386. [@google-cloud/connect-firestore-image]: https://badgen.net/github/stars/googleapis/nodejs-firestore-session?label=%E2%98%85
  387. [![★][connect-hazelcast-image] connect-hazelcast][connect-hazelcast-url] Hazelcast session store for Connect and Express.
  388. [connect-hazelcast-url]: https://www.npmjs.com/package/connect-hazelcast
  389. [connect-hazelcast-image]: https://badgen.net/github/stars/huseyinbabal/connect-hazelcast?label=%E2%98%85
  390. [![★][connect-loki-image] connect-loki][connect-loki-url] A Loki.js-based session store.
  391. [connect-loki-url]: https://www.npmjs.com/package/connect-loki
  392. [connect-loki-image]: https://badgen.net/github/stars/Requarks/connect-loki?label=%E2%98%85
  393. [![★][connect-memcached-image] connect-memcached][connect-memcached-url] A memcached-based session store.
  394. [connect-memcached-url]: https://www.npmjs.com/package/connect-memcached
  395. [connect-memcached-image]: https://badgen.net/github/stars/balor/connect-memcached?label=%E2%98%85
  396. [![★][connect-memjs-image] connect-memjs][connect-memjs-url] A memcached-based session store using
  397. [memjs](https://www.npmjs.com/package/memjs) as the memcached client.
  398. [connect-memjs-url]: https://www.npmjs.com/package/connect-memjs
  399. [connect-memjs-image]: https://badgen.net/github/stars/liamdon/connect-memjs?label=%E2%98%85
  400. [![★][connect-ml-image] connect-ml][connect-ml-url] A MarkLogic Server-based session store.
  401. [connect-ml-url]: https://www.npmjs.com/package/connect-ml
  402. [connect-ml-image]: https://badgen.net/github/stars/bluetorch/connect-ml?label=%E2%98%85
  403. [![★][connect-monetdb-image] connect-monetdb][connect-monetdb-url] A MonetDB-based session store.
  404. [connect-monetdb-url]: https://www.npmjs.com/package/connect-monetdb
  405. [connect-monetdb-image]: https://badgen.net/github/stars/MonetDB/npm-connect-monetdb?label=%E2%98%85
  406. [![★][connect-mongo-image] connect-mongo][connect-mongo-url] A MongoDB-based session store.
  407. [connect-mongo-url]: https://www.npmjs.com/package/connect-mongo
  408. [connect-mongo-image]: https://badgen.net/github/stars/kcbanner/connect-mongo?label=%E2%98%85
  409. [![★][connect-mongodb-session-image] connect-mongodb-session][connect-mongodb-session-url] Lightweight MongoDB-based session store built and maintained by MongoDB.
  410. [connect-mongodb-session-url]: https://www.npmjs.com/package/connect-mongodb-session
  411. [connect-mongodb-session-image]: https://badgen.net/github/stars/mongodb-js/connect-mongodb-session?label=%E2%98%85
  412. [![★][connect-mssql-image] connect-mssql][connect-mssql-url] A SQL Server-based session store.
  413. [connect-mssql-url]: https://www.npmjs.com/package/connect-mssql
  414. [connect-mssql-image]: https://badgen.net/github/stars/patriksimek/connect-mssql?label=%E2%98%85
  415. [![★][connect-pg-simple-image] connect-pg-simple][connect-pg-simple-url] A PostgreSQL-based session store.
  416. [connect-pg-simple-url]: https://www.npmjs.com/package/connect-pg-simple
  417. [connect-pg-simple-image]: https://badgen.net/github/stars/voxpelli/node-connect-pg-simple?label=%E2%98%85
  418. [![★][connect-redis-image] connect-redis][connect-redis-url] A Redis-based session store.
  419. [connect-redis-url]: https://www.npmjs.com/package/connect-redis
  420. [connect-redis-image]: https://badgen.net/github/stars/tj/connect-redis?label=%E2%98%85
  421. [![★][connect-session-firebase-image] connect-session-firebase][connect-session-firebase-url] A session store based on the [Firebase Realtime Database](https://firebase.google.com/docs/database/)
  422. [connect-session-firebase-url]: https://www.npmjs.com/package/connect-session-firebase
  423. [connect-session-firebase-image]: https://badgen.net/github/stars/benweier/connect-session-firebase?label=%E2%98%85
  424. [![★][connect-session-knex-image] connect-session-knex][connect-session-knex-url] A session store using
  425. [Knex.js](http://knexjs.org/), which is a SQL query builder for PostgreSQL, MySQL, MariaDB, SQLite3, and Oracle.
  426. [connect-session-knex-url]: https://www.npmjs.com/package/connect-session-knex
  427. [connect-session-knex-image]: https://badgen.net/github/stars/llambda/connect-session-knex?label=%E2%98%85
  428. [![★][connect-session-sequelize-image] connect-session-sequelize][connect-session-sequelize-url] A session store using
  429. [Sequelize.js](http://sequelizejs.com/), which is a Node.js / io.js ORM for PostgreSQL, MySQL, SQLite and MSSQL.
  430. [connect-session-sequelize-url]: https://www.npmjs.com/package/connect-session-sequelize
  431. [connect-session-sequelize-image]: https://badgen.net/github/stars/mweibel/connect-session-sequelize?label=%E2%98%85
  432. [![★][connect-sqlite3-image] connect-sqlite3][connect-sqlite3-url] A [SQLite3](https://github.com/mapbox/node-sqlite3) session store modeled after the TJ's `connect-redis` store.
  433. [connect-sqlite3-url]: https://www.npmjs.com/package/connect-sqlite3
  434. [connect-sqlite3-image]: https://badgen.net/github/stars/rawberg/connect-sqlite3?label=%E2%98%85
  435. [![★][connect-typeorm-image] connect-typeorm][connect-typeorm-url] A [TypeORM](https://github.com/typeorm/typeorm)-based session store.
  436. [connect-typeorm-url]: https://www.npmjs.com/package/connect-typeorm
  437. [connect-typeorm-image]: https://badgen.net/github/stars/makepost/connect-typeorm?label=%E2%98%85
  438. [![★][couchdb-expression-image] couchdb-expression][couchdb-expression-url] A [CouchDB](https://couchdb.apache.org/)-based session store.
  439. [couchdb-expression-url]: https://www.npmjs.com/package/couchdb-expression
  440. [couchdb-expression-image]: https://badgen.net/github/stars/tkshnwesper/couchdb-expression?label=%E2%98%85
  441. [![★][documentdb-session-image] documentdb-session][documentdb-session-url] A session store for Microsoft Azure's [DocumentDB](https://azure.microsoft.com/en-us/services/documentdb/) NoSQL database service.
  442. [documentdb-session-url]: https://www.npmjs.com/package/documentdb-session
  443. [documentdb-session-image]: https://badgen.net/github/stars/dwhieb/documentdb-session?label=%E2%98%85
  444. [![★][dynamodb-store-image] dynamodb-store][dynamodb-store-url] A DynamoDB-based session store.
  445. [dynamodb-store-url]: https://www.npmjs.com/package/dynamodb-store
  446. [dynamodb-store-image]: https://badgen.net/github/stars/rafaelrpinto/dynamodb-store?label=%E2%98%85
  447. [![★][express-etcd-image] express-etcd][express-etcd-url] An [etcd](https://github.com/stianeikeland/node-etcd) based session store.
  448. [express-etcd-url]: https://www.npmjs.com/package/express-etcd
  449. [express-etcd-image]: https://badgen.net/github/stars/gildean/express-etcd?label=%E2%98%85
  450. [![★][express-mysql-session-image] express-mysql-session][express-mysql-session-url] A session store using native
  451. [MySQL](https://www.mysql.com/) via the [node-mysql](https://github.com/felixge/node-mysql) module.
  452. [express-mysql-session-url]: https://www.npmjs.com/package/express-mysql-session
  453. [express-mysql-session-image]: https://badgen.net/github/stars/chill117/express-mysql-session?label=%E2%98%85
  454. [![★][express-nedb-session-image] express-nedb-session][express-nedb-session-url] A NeDB-based session store.
  455. [express-nedb-session-url]: https://www.npmjs.com/package/express-nedb-session
  456. [express-nedb-session-image]: https://badgen.net/github/stars/louischatriot/express-nedb-session?label=%E2%98%85
  457. [![★][express-oracle-session-image] express-oracle-session][express-oracle-session-url] A session store using native
  458. [oracle](https://www.oracle.com/) via the [node-oracledb](https://www.npmjs.com/package/oracledb) module.
  459. [express-oracle-session-url]: https://www.npmjs.com/package/express-oracle-session
  460. [express-oracle-session-image]: https://badgen.net/github/stars/slumber86/express-oracle-session?label=%E2%98%85
  461. [![★][express-session-cache-manager-image] express-session-cache-manager][express-session-cache-manager-url]
  462. A store that implements [cache-manager](https://www.npmjs.com/package/cache-manager), which supports
  463. a [variety of storage types](https://www.npmjs.com/package/cache-manager#store-engines).
  464. [express-session-cache-manager-url]: https://www.npmjs.com/package/express-session-cache-manager
  465. [express-session-cache-manager-image]: https://badgen.net/github/stars/theogravity/express-session-cache-manager?label=%E2%98%85
  466. [![★][express-session-etcd3-image] express-session-etcd3][express-session-etcd3-url] An [etcd3](https://github.com/mixer/etcd3) based session store.
  467. [express-session-etcd3-url]: https://www.npmjs.com/package/express-session-etcd3
  468. [express-session-etcd3-image]: https://badgen.net/github/stars/willgm/express-session-etcd3?label=%E2%98%85
  469. [![★][express-session-level-image] express-session-level][express-session-level-url] A [LevelDB](https://github.com/Level/levelup) based session store.
  470. [express-session-level-url]: https://www.npmjs.com/package/express-session-level
  471. [express-session-level-image]: https://badgen.net/github/stars/tgohn/express-session-level?label=%E2%98%85
  472. [![★][express-sessions-image] express-sessions][express-sessions-url] A session store supporting both MongoDB and Redis.
  473. [express-sessions-url]: https://www.npmjs.com/package/express-sessions
  474. [express-sessions-image]: https://badgen.net/github/stars/konteck/express-sessions?label=%E2%98%85
  475. [![★][firestore-store-image] firestore-store][firestore-store-url] A [Firestore](https://github.com/hendrysadrak/firestore-store)-based session store.
  476. [firestore-store-url]: https://www.npmjs.com/package/firestore-store
  477. [firestore-store-image]: https://badgen.net/github/stars/hendrysadrak/firestore-store?label=%E2%98%85
  478. [![★][fortune-session-image] fortune-session][fortune-session-url] A [Fortune.js](https://github.com/fortunejs/fortune)
  479. based session store. Supports all backends supported by Fortune (MongoDB, Redis, Postgres, NeDB).
  480. [fortune-session-url]: https://www.npmjs.com/package/fortune-session
  481. [fortune-session-image]: https://badgen.net/github/stars/aliceklipper/fortune-session?label=%E2%98%85
  482. [![★][hazelcast-store-image] hazelcast-store][hazelcast-store-url] A Hazelcast-based session store built on the [Hazelcast Node Client](https://www.npmjs.com/package/hazelcast-client).
  483. [hazelcast-store-url]: https://www.npmjs.com/package/hazelcast-store
  484. [hazelcast-store-image]: https://badgen.net/github/stars/jackspaniel/hazelcast-store?label=%E2%98%85
  485. [![★][level-session-store-image] level-session-store][level-session-store-url] A LevelDB-based session store.
  486. [level-session-store-url]: https://www.npmjs.com/package/level-session-store
  487. [level-session-store-image]: https://badgen.net/github/stars/toddself/level-session-store?label=%E2%98%85
  488. [![★][medea-session-store-image] medea-session-store][medea-session-store-url] A Medea-based session store.
  489. [medea-session-store-url]: https://www.npmjs.com/package/medea-session-store
  490. [medea-session-store-image]: https://badgen.net/github/stars/BenjaminVadant/medea-session-store?label=%E2%98%85
  491. [![★][memorystore-image] memorystore][memorystore-url] A memory session store made for production.
  492. [memorystore-url]: https://www.npmjs.com/package/memorystore
  493. [memorystore-image]: https://badgen.net/github/stars/roccomuso/memorystore?label=%E2%98%85
  494. [![★][mssql-session-store-image] mssql-session-store][mssql-session-store-url] A SQL Server-based session store.
  495. [mssql-session-store-url]: https://www.npmjs.com/package/mssql-session-store
  496. [mssql-session-store-image]: https://badgen.net/github/stars/jwathen/mssql-session-store?label=%E2%98%85
  497. [![★][nedb-session-store-image] nedb-session-store][nedb-session-store-url] An alternate NeDB-based (either in-memory or file-persisted) session store.
  498. [nedb-session-store-url]: https://www.npmjs.com/package/nedb-session-store
  499. [nedb-session-store-image]: https://badgen.net/github/stars/JamesMGreene/nedb-session-store?label=%E2%98%85
  500. [![★][restsession-image] restsession][restsession-url] Store sessions utilizing a RESTful API
  501. [restsession-url]: https://www.npmjs.com/package/restsession
  502. [restsession-image]: https://badgen.net/github/stars/jankal/restsession?label=%E2%98%85
  503. [![★][sequelstore-connect-image] sequelstore-connect][sequelstore-connect-url] A session store using [Sequelize.js](http://sequelizejs.com/).
  504. [sequelstore-connect-url]: https://www.npmjs.com/package/sequelstore-connect
  505. [sequelstore-connect-image]: https://badgen.net/github/stars/MattMcFarland/sequelstore-connect?label=%E2%98%85
  506. [![★][session-file-store-image] session-file-store][session-file-store-url] A file system-based session store.
  507. [session-file-store-url]: https://www.npmjs.com/package/session-file-store
  508. [session-file-store-image]: https://badgen.net/github/stars/valery-barysok/session-file-store?label=%E2%98%85
  509. [![★][session-pouchdb-store-image] session-pouchdb-store][session-pouchdb-store-url] Session store for PouchDB / CouchDB. Accepts embedded, custom, or remote PouchDB instance and realtime synchronization.
  510. [session-pouchdb-store-url]: https://www.npmjs.com/package/session-pouchdb-store
  511. [session-pouchdb-store-image]: https://badgen.net/github/stars/solzimer/session-pouchdb-store?label=%E2%98%85
  512. [![★][session-rethinkdb-image] session-rethinkdb][session-rethinkdb-url] A [RethinkDB](http://rethinkdb.com/)-based session store.
  513. [session-rethinkdb-url]: https://www.npmjs.com/package/session-rethinkdb
  514. [session-rethinkdb-image]: https://badgen.net/github/stars/llambda/session-rethinkdb?label=%E2%98%85
  515. [![★][sessionstore-image] sessionstore][sessionstore-url] A session store that works with various databases.
  516. [sessionstore-url]: https://www.npmjs.com/package/sessionstore
  517. [sessionstore-image]: https://badgen.net/github/stars/adrai/sessionstore?label=%E2%98%85
  518. [![★][tch-nedb-session-image] tch-nedb-session][tch-nedb-session-url] A file system session store based on NeDB.
  519. [tch-nedb-session-url]: https://www.npmjs.com/package/tch-nedb-session
  520. [tch-nedb-session-image]: https://badgen.net/github/stars/tomaschyly/NeDBSession?label=%E2%98%85
  521. ## Example
  522. A simple example using `express-session` to store page views for a user.
  523. ```js
  524. var express = require('express')
  525. var parseurl = require('parseurl')
  526. var session = require('express-session')
  527. var app = express()
  528. app.use(session({
  529. secret: 'keyboard cat',
  530. resave: false,
  531. saveUninitialized: true
  532. }))
  533. app.use(function (req, res, next) {
  534. if (!req.session.views) {
  535. req.session.views = {}
  536. }
  537. // get the url pathname
  538. var pathname = parseurl(req).pathname
  539. // count the views
  540. req.session.views[pathname] = (req.session.views[pathname] || 0) + 1
  541. next()
  542. })
  543. app.get('/foo', function (req, res, next) {
  544. res.send('you viewed this page ' + req.session.views['/foo'] + ' times')
  545. })
  546. app.get('/bar', function (req, res, next) {
  547. res.send('you viewed this page ' + req.session.views['/bar'] + ' times')
  548. })
  549. ```
  550. ## License
  551. [MIT](LICENSE)
  552. [coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/session/master
  553. [coveralls-url]: https://coveralls.io/r/expressjs/session?branch=master
  554. [node-url]: https://nodejs.org/en/download
  555. [npm-downloads-image]: https://badgen.net/npm/dm/express-session
  556. [npm-url]: https://npmjs.org/package/express-session
  557. [npm-version-image]: https://badgen.net/npm/v/express-session
  558. [travis-image]: https://badgen.net/travis/expressjs/session/master
  559. [travis-url]: https://travis-ci.org/expressjs/session