CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-express-session

Simple session middleware for Express.js applications

Pending
Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

index.mddocs/

Express Session

Express Session is a session middleware for Express.js applications that provides server-side session storage with configurable session ID cookies. It enables stateful user sessions with automatic session lifecycle management, built-in security features, and support for various storage backends.

Package Information

  • Package Name: express-session
  • Package Type: npm
  • Language: JavaScript (Node.js)
  • Installation: npm install express-session

Core Imports

const session = require('express-session');

For ES6 modules:

import session from 'express-session';

Access to additional classes:

const { Store, Cookie, Session, MemoryStore } = require('express-session');

Basic Usage

const express = require('express');
const session = require('express-session');

const app = express();

// Configure session middleware
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: false, maxAge: 60000 }
}));

// Use session in routes
app.get('/', (req, res) => {
  if (req.session.views) {
    req.session.views++;
    res.send(`Number of views: ${req.session.views}`);
  } else {
    req.session.views = 1;
    res.send('Welcome to the session demo. Refresh!');
  }
});

Architecture

Express Session is built around several key components:

  • Session Middleware: Factory function that creates Express middleware for session handling
  • Session Store Interface: Abstract base class defining the storage API for session persistence
  • Memory Store: Default in-memory session storage implementation (not recommended for production)
  • Cookie Management: Handles session cookie creation, parsing, and security
  • Session Object: Provides session data access and lifecycle methods on the request object

The middleware automatically handles session ID generation, cookie parsing, session loading/saving, and cleanup based on configurable options.

Capabilities

Session Middleware Configuration

Core session middleware factory function with comprehensive configuration options for session behavior, cookie settings, and security features.

function session(options: SessionOptions): (req: Request, res: Response, next: NextFunction) => void;

interface SessionOptions {
  secret: string | string[];
  cookie?: CookieOptions;
  genid?: (req: Request) => string;
  name?: string;
  proxy?: boolean;
  resave?: boolean;
  rolling?: boolean;
  saveUninitialized?: boolean;
  store?: Store;
  unset?: 'destroy' | 'keep';
}

interface CookieOptions {
  domain?: string;
  expires?: Date;
  httpOnly?: boolean;
  maxAge?: number;
  partitioned?: boolean;
  path?: string;
  priority?: 'low' | 'medium' | 'high';
  sameSite?: boolean | 'lax' | 'strict' | 'none';
  secure?: boolean | 'auto';
}

Session Configuration

Session Object API

Session data access and lifecycle management methods available on the request object, providing persistent storage and session control capabilities.

interface SessionData {
  id: string;
  cookie: Cookie;
  [key: string]: any;
}

// Session lifecycle methods
req.session.regenerate(callback: (err?: Error) => void): Session;
req.session.destroy(callback: (err?: Error) => void): Session;
req.session.reload(callback: (err?: Error) => void): Session;
req.session.save(callback: (err?: Error) => void): Session;
req.session.touch(): Session;

Session API

Cookie Management

Session cookie configuration and manipulation with security features and expiration handling.

class Cookie {
  constructor(options?: CookieOptions);
  
  path: string;
  maxAge: number | null;
  httpOnly: boolean;
  secure?: boolean;
  domain?: string;
  sameSite?: boolean | string;
  partitioned?: boolean;
  priority?: string;
  expires?: Date;
  originalMaxAge?: number;
  
  serialize(name: string, val: string): string;
  toJSON(): object;
  readonly data: object;
}

Cookie Management

Session Store Interface

Abstract base class and interface for implementing custom session storage backends with required and optional methods.

class Store extends EventEmitter {
  // Required methods
  destroy(sid: string, callback: (err?: Error) => void): void;
  get(sid: string, callback: (err?: Error, session?: any) => void): void;
  set(sid: string, session: any, callback: (err?: Error) => void): void;
  
  // Recommended methods
  touch(sid: string, session: any, callback: (err?: Error) => void): void;
  
  // Optional methods
  all(callback: (err?: Error, sessions?: { [sid: string]: any }) => void): void;
  clear(callback: (err?: Error) => void): void;
  length(callback: (err?: Error, length?: number) => void): void;
  
  // Utility methods
  regenerate(req: Request, callback: (err?: Error) => void): void;
  load(sid: string, callback: (err?: Error, session?: Session) => void): void;
  createSession(req: Request, sess: any): Session;
}

Session Stores

Request Object Extensions

Express Session extends the Express request object with session-related properties:

interface Request {
  session: SessionData;
  sessionID: string;
  sessionStore: Store;
}

These properties are automatically added when the session middleware processes a request.

docs

cookie-management.md

index.md

session-api.md

session-config.md

session-stores.md

tile.json