README
express-sessionless
Persistence-less session management for Express.
This module acts as a session provider for express based apps. It stores the user's session into a cookie and uses HMAC to sign that data and verify its validity.
It is still a work in progress. Remaining to be done:
- there should be 2 TTLs. One for the whole session and another after which a token is renewed.
- right now, a new session token is generated for every request. Instead, one should only be generated if the session data has changed or if the renewal token has expired.
Usage
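// Minimal express-sessionless setup: the session is kept in an HMAC-signed
// cookie rather than in a server-side store.
var express = require('express')
var cookieParser = require('cookie-parser')
var SessionLess = require('express-sessionless')

// The HMAC secret is the only thing that stops a client from forging a session
// cookie, so it is read from the environment instead of being committed to
// source. Refuse to start without it rather than fall back to a known value.
var secret = process.env.SESSION_SECRET
if (!secret) {
  throw new Error('SESSION_SECRET must be set')
}

var app = express()
var sessionLess = new SessionLess({
  secret: secret,
  ttl: 86400, // the expiration time for a cookie (presumably seconds, i.e. one day; confirm)
  hmacAlgorithm: 'sha256' // the hashing algorithm
})

app.use(cookieParser()) // required for SessionLess to work
// Populates req.body for the login handler; without a body parser req.body is
// undefined and the handler throws. express.urlencoded needs Express 4.16+.
app.use(express.urlencoded({ extended: false }))
app.use(sessionLess.sessionMiddleware())

// POST, because the handler reads the request body and changes session state.
app.post('/login', function(req, res) {
  // Example only: a real application must authenticate the caller before
  // storing an identity in the session.
  // The module is described as signing the cookie, not encrypting it, so treat
  // anything placed in req.session as readable by the client.
  req.session.user = req.body.user
  res.send()
})

app.get('/current-user', function(req, res) {
  res.send(req.session.user)
})

app.get('/logout', function(req, res) {
  // NOTE(review): with no server-side store there is nothing to revoke here; a
  // copy of the cookie captured earlier presumably stays valid until its ttl
  // runs out. Confirm how the middleware treats a deleted req.session.
  delete req.session
  res.send()
})

app.listen(3000)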