or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

cookie-management.mdindex.mdsession-api.mdsession-config.mdsession-stores.md
tile.json

tessl/npm-express-session

Simple session middleware for Express.js applications

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/express-session@1.18.x

To install, run

npx @tessl/cli install tessl/npm-express-session@1.18.0

index.mddocs/

Express Session

Express Session is a session middleware for Express.js applications that provides server-side session storage with configurable session ID cookies. It enables stateful user sessions with automatic session lifecycle management, built-in security features, and support for various storage backends.

Package Information

  • Package Name: express-session
  • Package Type: npm
  • Language: JavaScript (Node.js)
  • Installation: npm install express-session

Core Imports

const session = require('express-session');

For ES6 modules:

import session from 'express-session';

Access to additional classes:

const { Store, Cookie, Session, MemoryStore } = require('express-session');

Basic Usage

const express = require('express');
const session = require('express-session');

const app = express();

// Configure session middleware
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: false, maxAge: 60000 }
}));

// Use session in routes
app.get('/', (req, res) => {
  if (req.session.views) {
    req.session.views++;
    res.send(`Number of views: ${req.session.views}`);
  } else {
    req.session.views = 1;
    res.send('Welcome to the session demo. Refresh!');
  }
});

Architecture

Express Session is built around several key components:

  • Session Middleware: Factory function that creates Express middleware for session handling
  • Session Store Interface: Abstract base class defining the storage API for session persistence
  • Memory Store: Default in-memory session storage implementation (not recommended for production)
  • Cookie Management: Handles session cookie creation, parsing, and security
  • Session Object: Provides session data access and lifecycle methods on the request object

The middleware automatically handles session ID generation, cookie parsing, session loading/saving, and cleanup based on configurable options.

Capabilities

Session Middleware Configuration

Core session middleware factory function with comprehensive configuration options for session behavior, cookie settings, and security features.

function session(options: SessionOptions): (req: Request, res: Response, next: NextFunction) => void;

interface SessionOptions {
  secret: string | string[];
  cookie?: CookieOptions;
  genid?: (req: Request) => string;
  name?: string;
  proxy?: boolean;
  resave?: boolean;
  rolling?: boolean;
  saveUninitialized?: boolean;
  store?: Store;
  unset?: 'destroy' | 'keep';
}

interface CookieOptions {
  domain?: string;
  expires?: Date;
  httpOnly?: boolean;
  maxAge?: number;
  partitioned?: boolean;
  path?: string;
  priority?: 'low' | 'medium' | 'high';
  sameSite?: boolean | 'lax' | 'strict' | 'none';
  secure?: boolean | 'auto';
}

Session Configuration

Session Object API

Session data access and lifecycle management methods available on the request object, providing persistent storage and session control capabilities.

interface SessionData {
  id: string;
  cookie: Cookie;
  [key: string]: any;
}

// Session lifecycle methods
req.session.regenerate(callback: (err?: Error) => void): Session;
req.session.destroy(callback: (err?: Error) => void): Session;
req.session.reload(callback: (err?: Error) => void): Session;
req.session.save(callback: (err?: Error) => void): Session;
req.session.touch(): Session;

Session API

Cookie Management

Session cookie configuration and manipulation with security features and expiration handling.

class Cookie {
  constructor(options?: CookieOptions);
  
  path: string;
  maxAge: number | null;
  httpOnly: boolean;
  secure?: boolean;
  domain?: string;
  sameSite?: boolean | string;
  partitioned?: boolean;
  priority?: string;
  expires?: Date;
  originalMaxAge?: number;
  
  serialize(name: string, val: string): string;
  toJSON(): object;
  readonly data: object;
}

Cookie Management

Session Store Interface

Abstract base class and interface for implementing custom session storage backends with required and optional methods.

class Store extends EventEmitter {
  // Required methods
  destroy(sid: string, callback: (err?: Error) => void): void;
  get(sid: string, callback: (err?: Error, session?: any) => void): void;
  set(sid: string, session: any, callback: (err?: Error) => void): void;
  
  // Recommended methods
  touch(sid: string, session: any, callback: (err?: Error) => void): void;
  
  // Optional methods
  all(callback: (err?: Error, sessions?: { [sid: string]: any }) => void): void;
  clear(callback: (err?: Error) => void): void;
  length(callback: (err?: Error, length?: number) => void): void;
  
  // Utility methods
  regenerate(req: Request, callback: (err?: Error) => void): void;
  load(sid: string, callback: (err?: Error, session?: Session) => void): void;
  createSession(req: Request, sess: any): Session;
}

Session Stores

Request Object Extensions

Express Session extends the Express request object with session-related properties:

interface Request {
  session: SessionData;
  sessionID: string;
  sessionStore: Store;
}

These properties are automatically added when the session middleware processes a request.