Package Exports
- hapi-server-session
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (hapi-server-session) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
hapi-server-session
Simple server-side session support for hapi
Install
$ npm install hapi-server-sessionExample
'use strict';
const hapi = require('hapi');
const main = async () => {
const server = new hapi.Server({
host: 'localhost',
address: '127.0.0.1',
port: 8000,
});
await server.register({
plugin: require('..'),
options: {
cookie: {
isSecure: false,
},
},
});
server.route({
method: 'GET',
path: '/',
handler: (request, h) => {
request.session.views = request.session.views + 1 || 1;
return 'Views: ' + request.session.views;
},
});
await server.start();
};
main().catch(console.error);Options
algorithm: [Default:'sha256'] algorithm to use during signingcache: supports the same options asserver.cache(options)expiresIn: [Default: session idexpiresInif set or2147483647] session cache expiration in millisecondssegment: [Default:'session'] session cache segment
cookie: supports the same options asserver.state(name, [options])isSameSite: [Default:'Lax'] sets theSameSiteflag
expiresIn: session id expiration in milliseconds. Prevents intercepted cookies from working perpetually. Requireskeyname: [Default:'id'] name of the cookiekey: signing key. Prevents weaknesses in randomness from affecting overall securitysize: [Default:16] number of random bytes in the session id
Changes
v4.0.0
- support hapi v17
v3.0.0
- default
SameSiteflag toLax. Could break sites that require session during certain kinds of cross site requests. See https://www.owasp.org/index.php/SameSite