Cara menggunakan javascript redirect with session

Dalam website ataupun aplikasi mobile yang dibuat dengan HTML5+JavaScript tentunya anda berurusan dengan beberapa halaman. Semakin kompleks website ataupun aplikasi, maka jumlah halaman bisa menjadi banyak. Untuk mengatur lalu lintas pengunjung dalam mengakses halaman tersebut, terkadang diperlukan pengalihan halaman atau redirect. 

Redirect Adalah?

Redirect merupakan cara untuk mengarahkan pengunjung ke url yang anda inginkan. Misalnya pengunjung mengetik suatu alamat URL yang tidak ada pada website anda, maka anda arahkan ke halaman website tertentu yang menampilkan informasi "halaman yang sedang anda cari, tidak ada" atau bisa juga anda arahkan ke index.html.

Perlu diketahui tentang Redirect

Search Engine seringkali mempermasalahkan apabila anda melakukan pengalihan halaman atau redirect. Tetapi anda dapat mengatasinya dengan melakukan redirect 301. Penjelasan lengkapnya ada di artikel Menggunakan Redirect 301.

Cara Redirect dengan Javascript

Ada banyak cara melakukan redirect masing-masing memiliki perbedaan tapi kesamaannya adalah semua bisa pindah halaman. Bila anda menggunakan JavaScript maka anda dapat menggunakan salah satu dari cara yang umum digunakan berikut:

Redirect dengan location

window.location.replace("https://inkonstellasi.blogspot.com");

atau 

window.location.assign("https://inkonstellasi.blogspot.com");

bisa juga dengan

window.location.href="https://inkonstellasi.blogspot.com";

**note: Anda perlu mengganti alamat dalam kurung diatas ke alamat http yang anda inginkan. 

Kesamaan dan Perbedaan Redirect menggunakan location

Ketiga cara diatas sama-sama dapat mengarahkan url ke url tujuan, tetapi ketiganya berbeda dalam menangani session history. Bila anda tidak menginginkan pengguna menyimpan history informasi dari halaman sebelumnya maka disarankan menggunakan window.location.replace. Tetapi bila anda menginginkan user dapat kembali dengan menggunakan fasilitas back di browser maka anda dapat menggunakan location.href.

Selain cara location diatas anda dapat memanfaatkan history untuk kembali ke halaman sebelumnya

contoh:

window.history.back();

window.history.go(-1);

Bila anda menggunakan Jquery anda juga dapat menggunakan cara berikut ini:

$(location).attr("href","https://inkonstellasi.blogspot.com");

$(window).attr("location","https://inkonstellasi.blogspot.com");

$(location).prop("href","https://inkonstellasi.blogspot.com");

Silahkan menggunakan salah satu atau beberapa cara diatas sesuai kebutuhan. Demikian tulisan kali ini, semoga bermanfaat.

This is a Node.js module available through the npm registry. Installation is done using the

var session = require('express-session')

$ npm install express-session

API

var session = require('express-session')

session(options)

Create a session middleware with the given

var session = require('express-session')

Note Session data is not saved in the cookie itself, just the session ID. Session data is stored server-side.

Note Since version 1.5.0, the

var session = require('express-session')

var session = require('express-session')

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var session = require('express-session')

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var session = require('express-session')

Warning The default server-side session storage,

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

For a list of stores, see .

Options

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

cookie

Settings object for the session ID cookie. The default value is

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

The following are options that can be set in this object.

cookie.domain

Specifies the value for the

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

cookie.expires

Specifies the

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

Note If both

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

Note The

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

cookie.httpOnly

Specifies the

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

Note be careful when setting this to

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

cookie.maxAge

Specifies the

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

Note If both

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

cookie.path

Specifies the value for the

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

cookie.sameSite

Specifies the

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

• app.use(session({
    genid: function(req) {
      return genuuid() // use UUIDs for session IDs
    },
    secret: 'keyboard cat'
  }))
  

  1 will set the

  // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  5 attribute to

  req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  0 for strict same site enforcement.

• // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  7 will not set the

  // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  5 attribute.

• req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  3 will set the

  // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  5 attribute to

  req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  5 for lax same site enforcement.

• req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  6 will set the

  // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  5 attribute to

  req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  8 for an explicit cross-site cookie.

• req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  9 will set the

  // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  5 attribute to

  req.session.regenerate(function(err) {
    // will have a new session here
  })
  

  0 for strict same site enforcement.

More information about the different enforcement levels can be found in .

Note This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.

Note There is a draft spec that requires that the

req.session.destroy(function(err) {
  // cannot access session here
})

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

req.session.regenerate(function(err) {
  // will have a new session here
})

cookie.secure

Specifies the

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

req.session.destroy(function(err) {
  // cannot access session here
})

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

req.session.destroy(function(err) {
  // cannot access session here
})

req.session.destroy(function(err) {
  // cannot access session here
})

Note be careful when setting this to

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

Please note that

req.session.reload(function(err) {
  // session updated
})

req.session.reload(function(err) {
  // session updated
})

req.session.reload(function(err) {
  // session updated
})

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

For using secure cookies in production, but allowing for testing in development, the following is an example of enabling this setup based on

req.session.reload(function(err) {
  // session updated
})

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

The

req.session.reload(function(err) {
  // session updated
})

req.session.reload(function(err) {
  // session updated
})

req.session.reload(function(err) {
  // session updated
})

genid

Function to call to generate a new session ID. Provide a function that returns a string that will be used as a session ID. The function is given

var session = require('express-session')

var session = require('express-session')

The default value is a function which uses the

req.session.save(function(err) {
  // session saved
})

NOTE be careful to generate unique IDs so your sessions do not conflict.

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

name

The name of the session ID cookie to set in the response (and read from in the request).

The default value is

req.session.save(function(err) {
  // session saved
})

Note if you have multiple apps running on the same hostname (this is just the name, i.e.

req.session.save(function(err) {
  // session saved
})

req.session.save(function(err) {
  // session saved
})

req.session.save(function(err) {
  // session saved
})

proxy

Trust the reverse proxy when setting secure cookies (via the “X-Forwarded-Proto” header).

The default value is

req.session.save(function(err) {
  // session saved
})

• app.use(session({
    genid: function(req) {
      return genuuid() // use UUIDs for session IDs
    },
    secret: 'keyboard cat'
  }))
  

  1 The “X-Forwarded-Proto” header will be used.

• // Use the session middleware
  app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))
  
  // Access the session as req.session
  app.get('/', function(req, res, next) {
    if (req.session.views) {
      req.session.views++
      res.setHeader('Content-Type', 'text/html')
      res.write('
  views: ' + req.session.views + '
  
  
  
  ')
      res.write('
  expires in: ' + (req.session.cookie.maxAge / 1000) + 's
  ')
      res.end()
    } else {
      req.session.views = 1
      res.end('welcome to the session demo. refresh!')
    }
  })
  

  7 All headers are ignored and the connection is considered secure only if there is a direct TLS/SSL connection.

• req.session.save(function(err) {
    // session saved
  })
  

  6 Uses the “trust proxy” setting from express

resave

Forces the session to be saved back to the session store, even if the session was never modified during the request. Depending on your store this may be necessary, but it can also create race conditions where a client makes two parallel requests to your server and changes made to the session in one request may get overwritten when the other request ends, even if it made no changes (this behavior also depends on what store you’re using).

The default value is

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

How do I know if this is necessary for my store? The best way to know is to check with your store if it implements the

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

rolling

Force the session identifier cookie to be set on every response. The expiration is reset to the original , resetting the expiration countdown.

The default value is

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

With this enabled, the session identifier cookie will expire in since the last response was sent instead of in since the session was last modified by the server.

This is typically used in conjuction with short, non-session-length values to provide a quick timeout of the session data with reduced potential of it occurring during on going server interactions.

Note When this option is set to

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

var session = require('express-session')

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

saveUninitialized

Forces a session that is “uninitialized” to be saved to the store. A session is uninitialized when it is new but not modified. Choosing

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

The default value is

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

Note if you are using Session in conjunction with PassportJS, Passport will add an empty Passport object to the session for use after a user is authenticated, which will be treated as a modification to the session, causing it to be saved. This has been fixed in PassportJS 0.3.0

secret

Required option

This is the secret used to sign the session ID cookie. This can be either a string for a single secret, or an array of multiple secrets. If an array of secrets is provided, only the first element will be used to sign the session ID cookie, while all the elements will be considered when verifying the signature in requests. The secret itself should be not easily parsed by a human and would best be a random set of characters. A best practice may include:

• The use of environment variables to store the secret, ensuring the secret itself does not exist in your repository.
• Periodic updates of the secret, while ensuring the previous secret is in the array.

Using a secret that cannot be guessed will reduce the ability to hijack a session to only guessing the session ID (as determined by the

var session = require('express-session')

Changing the secret value will invalidate all existing sessions. In order to rotate the secret without invalidating sessions, provide an array of secrets, with the new secret as first element of the array, and including previous secrets as the later elements.

store

The session store instance, defaults to a new

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

unset

Control the result of unsetting

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

The default value is

var session = require('express-session')

• var session = require('express-session')
  

  23 The session will be destroyed (deleted) when the response ends.

• var session = require('express-session')
  

  22 The session in the store will be kept, but modifications made during the request are ignored and not saved.

req.session

To store or access session data, simply use the request property

var session = require('express-session')

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

Session.regenerate(callback)

To regenerate the session simply invoke the method. Once complete, a new SID and

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

req.session.regenerate(function(err) {
  // will have a new session here
})

Session.destroy(callback)

Destroys the session and will unset the

var session = require('express-session')

var session = require('express-session')

req.session.destroy(function(err) {
  // cannot access session here
})

Session.reload(callback)

Reloads the session data from the store and re-populates the

var session = require('express-session')

var session = require('express-session')

req.session.reload(function(err) {
  // session updated
})

Session.save(callback)

Save the session back to the store, replacing the contents on the store with the contents in memory (though a store may do something else–consult the store’s documentation for exact behavior).

This method is automatically called at the end of the HTTP response if the session data has been altered (though this behavior can be altered with various options in the middleware constructor). Because of this, typically this method does not need to be called.

There are some cases where it is useful to call this method, for example, redirects, long-lived requests or in WebSockets.

req.session.save(function(err) {
  // session saved
})

Session.touch()

Updates the

var session = require('express-session')

req.session.id

Each session has a unique ID associated with it. This property is an alias of and cannot be modified. It has been added to make the session ID accessible from the

var session = require('express-session')

req.session.cookie

Each session has a unique cookie object accompany it. This allows you to alter the session cookie per visitor. For example we can set

var session = require('express-session')

// Use the session middleware
app.use(session({ secret: 'keyboard cat', cookie: { maxAge: 60000 }}))

// Access the session as req.session
app.get('/', function(req, res, next) {
  if (req.session.views) {
    req.session.views++
    res.setHeader('Content-Type', 'text/html')
    res.write('
views: ' + req.session.views + '
')
    res.write('
expires in: ' + (req.session.cookie.maxAge / 1000) + 's
')
    res.end()
  } else {
    req.session.views = 1
    res.end('welcome to the session demo. refresh!')
  }
})

Cookie.maxAge

Alternatively

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

For example when

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

Cookie.originalMaxAge

The

var session = require('express-session')

var app = express()
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
}

app.use(session(sess))

req.sessionID

To get the ID of the loaded session, access the request property

var session = require('express-session')

Session Store Implementation

Every session store must be an

var session = require('express-session')

• Required methods are ones that this module will always call on the store.
• Recommended methods are ones that this module will call on the store if available.
• Optional methods are ones this module does not call at all, but helps present uniform stores to users.

For an example implementation view the connect-redis repo.

store.all(callback)

Optional

This optional method is used to get all sessions in the store as an array. The

var session = require('express-session')

var session = require('express-session')

store.destroy(sid, callback)

Required

This required method is used to destroy/delete a session from the store given a session ID (

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

store.clear(callback)

Optional

This optional method is used to delete all sessions from the store. The

var session = require('express-session')

var session = require('express-session')

store.length(callback)

Optional

This optional method is used to get the count of all sessions in the store. The

var session = require('express-session')

var session = require('express-session')

store.get(sid, callback)

Required

This required method is used to get a session from the store given a session ID (

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

The

var session = require('express-session')

var session = require('express-session')

req.session.save(function(err) {
  // session saved
})

var session = require('express-session')

var session = require('express-session')

store.set(sid, session, callback)

Required

This required method is used to upsert a session into the store given a session ID (

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

store.touch(sid, session, callback)

Recommended

This recommended method is used to “touch” a given session given a session ID (

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

var session = require('express-session')

This is primarily used when the store will automatically delete idle sessions and this method is used to signal to the store the given session is active, potentially resetting the idle timer.

Compatible Session Stores

The following modules implement a session store that is compatible with this module. Please make a PR to add additional modules :)

aerospike-session-store A session store using Aerospike.

better-sqlite3-session-store A session store based on better-sqlite3.

cassandra-store An Apache Cassandra-based session store.

cluster-store A wrapper for using in-process / embedded stores - such as SQLite (via knex), leveldb, files, or memory - with node cluster (desirable for Raspberry Pi 2 and other multi-core embedded devices).

connect-arango An ArangoDB-based session store.

connect-azuretables An Azure Table Storage-based session store.

connect-cloudant-store An IBM Cloudant-based session store.

connect-couchbase A couchbase-based session store.

connect-datacache An IBM Bluemix Data Cache-based session store.

@google-cloud/connect-datastore A Google Cloud Datastore-based session store.

connect-db2 An IBM DB2-based session store built using ibm_db module.

connect-dynamodb A DynamoDB-based session store.

@google-cloud/connect-firestore A Google Cloud Firestore-based session store.

connect-hazelcast Hazelcast session store for Connect and Express.

connect-loki A Loki.js-based session store.

connect-lowdb A lowdb-based session store.

connect-memcached A memcached-based session store.

connect-memjs A memcached-based session store using memjs as the memcached client.

connect-ml A MarkLogic Server-based session store.

connect-monetdb A MonetDB-based session store.

connect-mongo A MongoDB-based session store.

connect-mongodb-session Lightweight MongoDB-based session store built and maintained by MongoDB.

connect-mssql-v2 A Microsoft SQL Server-based session store based on connect-mssql.

connect-neo4j A Neo4j-based session store.

connect-pg-simple A PostgreSQL-based session store.

connect-redis A Redis-based session store.

connect-session-firebase A session store based on the Firebase Realtime Database

connect-session-knex A session store using Knex.js, which is a SQL query builder for PostgreSQL, MySQL, MariaDB, SQLite3, and Oracle.

connect-session-sequelize A session store using Sequelize.js, which is a Node.js / io.js ORM for PostgreSQL, MySQL, SQLite and MSSQL.

connect-sqlite3 A SQLite3 session store modeled after the TJ’s

var session = require('express-session')

connect-typeorm A TypeORM-based session store.

couchdb-expression A CouchDB-based session store.

dynamodb-store A DynamoDB-based session store.

express-etcd An etcd based session store.

express-mysql-session A session store using native MySQL via the node-mysql module.

express-nedb-session A NeDB-based session store.

express-oracle-session A session store using native oracle via the node-oracledb module.

express-session-cache-manager A store that implements cache-manager, which supports a .

express-session-etcd3 An etcd3 based session store.

express-session-level A LevelDB based session store.

express-session-rsdb Session store based on Rocket-Store: A very simple, super fast and yet powerfull, flat file database.

express-sessions A session store supporting both MongoDB and Redis.

firestore-store A Firestore-based session store.

fortune-session A Fortune.js based session store. Supports all backends supported by Fortune (MongoDB, Redis, Postgres, NeDB).

hazelcast-store A Hazelcast-based session store built on the Hazelcast Node Client.

level-session-store A LevelDB-based session store.

lowdb-session-store A lowdb-based session store.

medea-session-store A Medea-based session store.

memorystore A memory session store made for production.

mssql-session-store A SQL Server-based session store.

nedb-session-store An alternate NeDB-based (either in-memory or file-persisted) session store.

@quixo3/prisma-session-store A session store for the Prisma Framework.

restsession Store sessions utilizing a RESTful API

sequelstore-connect A session store using Sequelize.js.

session-file-store A file system-based session store.

session-pouchdb-store Session store for PouchDB / CouchDB. Accepts embedded, custom, or remote PouchDB instance and realtime synchronization.

session-rethinkdb A RethinkDB-based session store.

@databunker/session-store A Databunker-based encrypted session store.

sessionstore A session store that works with various databases.

tch-nedb-session A file system session store based on NeDB.

Examples

View counter

A simple example using

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var session = require('express-session')

User login

A simple example using

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var session = require('express-session')

Debugging

This module uses the debug module internally to log information about session operations.

To see all the internal logs, set the

var session = require('express-session')

var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: true }
}))

var session = require('express-session')