Implements secure session management with JWT tokens, Redis storage, refresh flows, and proper cookie configuration. Use when building authentication systems, managing user sessions, or implementing secure logout functionality.
93
Does it follow best practices? 89%
Impact: 97% (1.97x average score across 3 eval scenarios)
Passed: no known issues
Column labels below are inferred: the source lists two unlabelled percentages per criterion, and the 97% impact figure matches the second column.

JWT token generation

| Criterion | Without skill | With skill |
|---|---|---|
| jsonwebtoken package | 100% | 100% |
| Access token type field | 100% | 100% |
| Access token role field | 100% | 100% |
| Access token userId field | 50% | 100% |
| Access token expiry | 0% | 100% |
| Refresh token type field | 100% | 100% |
| Refresh token expiry | 100% | 100% |
| Separate access secret | 50% | 100% |
| Separate refresh secret | 50% | 100% |
| No sensitive data in tokens | 100% | 100% |
| No URL param transmission | 100% | 100% |
| Refresh token minimal payload | 87% | 100% |

Redis session storage

| Criterion | Without skill | With skill |
|---|---|---|
| Redis package used | 0% | 100% |
| Key pattern: sessions:{userId} | 0% | 100% |
| Hash storage | 0% | 100% |
| randomUUID for session ID | 0% | 100% |
| createdAt in session data | 100% | 100% |
| 7-day Redis expiry | 0% | 100% |
| Invalidate all via del | 0% | 100% |
| Session data serialized | 0% | 100% |
| Async session operations | 0% | 100% |
| Redis client created correctly | 0% | 100% |

Cookie config and token refresh

| Criterion | Without skill | With skill |
|---|---|---|
| Cookie name: session | 0% | 100% |
| httpOnly: true | 100% | 100% |
| sameSite: strict | 0% | 100% |
| secure: production only | 100% | 100% |
| maxAge: 1 hour | 0% | 0% |
| domain: .example.com | 100% | 100% |
| resave: false | 100% | 100% |
| saveUninitialized: false | 100% | 100% |
| Refresh route: POST /auth/refresh | 100% | 100% |
| Refresh token from cookie | 0% | 100% |
| Token type validation | 100% | 100% |
| 401 on refresh failure | 30% | 70% |
| SESSION_SECRET from env | 75% | 100% |
90d6bd7