express-session 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.| Name | Version | Size | License | Type | Vulnerabilities |
|---|---|---|---|---|---|
| cookie-signature | 1.0.6 | 2.06 kB | MIT | prod | |
| cookie | 0.1.3 | 2.77 kB | MIT | prod | |
| crc | 3.3.0 | 9.52 kB | MIT | prod | |
| debug | 2.2.0 | 10.05 kB | MIT | prod | 1 1 1 1 |
| depd | 1.0.1 | 8.33 kB | MIT | prod | |
| on-headers | 1.0.2 | 3.15 kB | MIT | prod | |
| parseurl | 1.3.3 | 3.86 kB | MIT | prod | |
| uid-safe | 2.0.0 | 2.87 kB | MIT | prod | 1 |
| utils-merge | 1.0.0 | 1.65 kB | MIT | prod |
Express-Session is a simple session middleware for Express. Express-Session creates a session middleware with the given options. It's important to note that the session data is not saved in the cookie itself, just the session ID. Session data is stored server-side. Its default server-side session storage, MemoryStore, is not designed for a production environment as it will leak memory under most conditions, does not scale past a single process, and is primarily designed for debugging and developing.
To use Express-Session in your JavaScript application, you should first install it from the npm registry using the command: npm install express-session. After the installation is complete, you can require it in your application like so:
var session = require('express-session')
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}))
In the example above, the express-session middleware is used with secret as 'keyboard cat', and resave and saveUninitialized options set as false and true respectively. The cookie option is set with the secure property as true.
If you are using Express in conjunction with a reverse proxy and the "trust proxy" setting is set to 1, you can use this sample code:
var app = express()
app.set('trust proxy', 1) // trust first proxy
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}))
The Express-session documentation is available directly in the npm package repository. You can find everything you need to know about Express-Session, including installation, API details, options, request properties, compatible session stores, and more in the Express-session's npm documentation at https://www.npmjs.com/package/express-session. Also, the repository for the Express-session project is on Github at git+https://github.com/expressjs/session.git.
