Session tokens are secret strings consisting of 32 ASCII characters in the range
CSRF tokens are secret strings consisting of 30 ASCII characters in the range
Storage keys are 16-byte
Buffer values that don’t need to be treated as secret.
User ids are non-
undefined values otherwise free to be defined by the user of the
Gets a session based on a token. The session token can change after this operation, indicated by a non-null
null if no token was provided.
SessionBox#update(session, newUserId, callback)
Updates a session obtained from SessionBox#get with a new user id. The session token will always change after this operation, and the old session will be invalidated. Pass null to update to a guest session.
Sessions have the following public properties:
A new session token to return to the client, or null if the existing session token remains valid.
The user id associated with the session. null represents a guest session.
The CSRF token associated with the session.
A storage implementation should provide these methods:
Retrieves a user id based on a key. The callback has two parameters:
If the key does not exist, the retrieved value should be
undefined is also accepted).
set(key, userId, callback)
Associates a user id with a key. The callback has one parameter:
The key will not already exist.
delete(key, userId, callback)
Disassociates a user id from a key. The id is provided in case the storage maintains a set of keys for each user (e.g. for the purposes of invalidating all of a user’s sessions). The callback has one parameter:
If the key does not exist, no error should be produced.
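
An in-memory storage that follows the get/set/delete contract described above, including the per-user key set mentioned for invalidating all of a user's sessions. This is an added example, not code from SessionBox. Assumptions: the get(key, callback) signature, Node-style (error, userId) callback parameters, rejecting a duplicate key in set, and the deleteAllForUser helper, which is hypothetical.

```javascript
// In-memory storage; 16-byte Buffer keys are hex-encoded for use as Map keys.
class MemoryStorage {
  constructor() {
    this.users = new Map();      // hex key -> user id
    this.keysByUser = new Map(); // user id -> Set of hex keys
  }
  static encode(key) {
    if (!Buffer.isBuffer(key) || key.length !== 16) {
      throw new TypeError('storage key must be a 16-byte Buffer');
    }
    return key.toString('hex');
  }

  // Assumed callback shape: (error, userId). A missing key yields null.
  get(key, callback) {
    const k = MemoryStorage.encode(key);
    const userId = this.users.has(k) ? this.users.get(k) : null;
    queueMicrotask(() => callback(null, userId));
  }

  set(key, userId, callback) {
    const k = MemoryStorage.encode(key);
    // Callers promise the key is new; refuse rather than rebind a session.
    const error = this.users.has(k) ? new Error('key already exists') : null;
    if (!error) {
      this.users.set(k, userId);
      if (!this.keysByUser.has(userId)) this.keysByUser.set(userId, new Set());
      this.keysByUser.get(userId).add(k);
    }
    queueMicrotask(() => callback(error));
  }

  // Deleting a key that does not exist is not an error.
  delete(key, userId, callback) {
    const k = MemoryStorage.encode(key);
    this.users.delete(k);
    const keys = this.keysByUser.get(userId);
    if (keys && keys.delete(k) && keys.size === 0) this.keysByUser.delete(userId);
    queueMicrotask(() => callback(null));
  }

  // Hypothetical helper: drop every session key recorded for one user.
  deleteAllForUser(userId, callback) {
    const keys = this.keysByUser.get(userId) || new Set();
    for (const k of keys) this.users.delete(k);
    this.keysByUser.delete(userId);
    queueMicrotask(() => callback(null, keys.size));
  }
}
```

State lives only in process memory, so every session is lost on restart and nothing is shared between processes.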