6.5 KiB
Session middleware for Hono
Session middleware for Hono using encrypted JSON Web Tokens.
This middleware depends on jose for JSON Web Encryption.
Other resources worth reading include:
Installation
npm i @hono/session
Environment Variables
AUTH_SECRET=
[!TIP] Quickly generate a good secret with
openssl$ openssl rand -base64 32
Options
| Option | Type | Description |
|---|---|---|
generateId? |
() => string |
Function to generate a unique session ID |
secret? |
string | EncryptionKey |
32-byte, hex-encoded string, or encryption key, used to encrypt the session cookie. Defaults to process.env.AUTH_SECRET |
duration? |
MaxAgeDuration |
The maximum age duration of the session cookie. By default, no maximum age is set |
deleteCookie? |
DeleteCookie |
Defaults to hono/cookie#deleteCookie |
getCookie? |
GetCookie |
Defaults to hono/cookie#getCookie |
setCookie? |
SetCookie |
Defaults to hono/cookie#setCookie |
EncryptionKey
MaxAgeDuration
See Session lifetime
[!IMPORTANT] By default, session cookies do not expire. It is recommended to provide value for
duration.absolute
Properties
| Property | Type | Description |
|---|---|---|
absolute |
number |
Duration in seconds a session will be valid for, after which it will be expired and have to be re-authenticated. |
inactivity? |
number |
Duration in seconds a session will be considered active, during which the session max age can be extended. |
Session<Data>
Properties
| Property | Type | Description |
|---|---|---|
readonly data |
Data | null |
Current session data. |
Methods
delete()
delete(): void
Delete the current session, removing the session cookie and data from storage.
Returns
void
get()
get(refresh): Promise<Data | null>
Get the current session data, optionally calling the provided refresh function.
Parameters
| Parameter | Type | Description |
|---|---|---|
refresh? |
Refresh<Data> |
Optional refresh function. |
Returns
Promise<Data | null>
Refresh<Data>
refresh(expired) => Promise<Data | null>
Function to refresh the session data. If the refresh function returns null, the session will be destroyed.
Parameters
| Parameter | Type | Description |
|---|---|---|
expired |
Data | null |
Expire session data |
Returns
Data | null
update()
update(data): Promise<void>
Update the current session with the provided session data.
Parameters
| Parameter | Type | Description |
|---|---|---|
data |
Data | Update<Data> |
New data or function to update data |
Returns
Promise<void>
Update<Data>
update(prevData) => Data
Function to update previous session data.
Parameters
| Parameter | Type | Description |
|---|---|---|
prevData |
Data | null |
Previous session data |
Returns
Data
Example
import { useSession } from '@hono/session'
import { Hono } from 'hono'
const app = new Hono()
app.use(useSession()).get('/', async (c) => {
const data = await c.var.session.get()
return c.json(data)
})
export default app
With Session storage
import { useSession, useSessionStorage } from '@hono/session'
import type { SessionEnv } from '@hono/session'
import { Hono } from 'hono'
const app = new Hono<SessionEnv>()
app.use(
useSessionStorage({
delete(sid) {},
async get(sid) {},
set(sid, value) {},
}),
useSession()
)
app.get('/', async (c) => {
const data = await c.var.session.get()
return c.json(data)
})
export default app
See also:
Author
Jonathan haines https://github.com/barrythepenguin
License
MIT