npmpackage.info

Gathering detailed insights and metrics for koa-session-minimal

Other packages similar to koa-session-minimal

@types/koa-session-minimal

3.0.11

TypeScript definitions for koa-session-minimal

@yir/koa-redis

0.0.2

koa session with redis using koa-session-minimal/koa-session

Gathering detailed insights and metrics for koa-session-minimal

koa-session-minimal - 4.0.3 | npmpackage.info

koa-session-minimal

Minimal implementation of session middleware for Koa 2

4.0.3

MIT

JavaScript

1.92 kB

269,396 1.7

Installations

npm install koa-session-minimal

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>= 14

Node Version

18.0.0

NPM Version

8.6.0 Score

69.1

Supply Chain

99.3

Quality

75.4

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

13

Closed

9

Merged

4

Issues

Open

0

Total

12

Closed

12

Releases

v4.0.3

Updated on Jul 31, 2022

v4.0.2

Updated on Mar 01, 2022

v4.0.1

Updated on Dec 22, 2020

v4.0.0

Updated on Apr 13, 2020

Release v3.0.4

v3.0.4

Updated on Apr 27, 2017

Release v3.0.3

v3.0.3

Updated on Dec 29, 2016

View All 16 releases

Languages

JavaScript

JavaScript (100%)

Developer

longztian

Download Statistics

Total Downloads

269,396

Last Day

Last Week

224

Last Month

1,031

Last Year

15,255

GitHub Statistics

MIT License

75 Stars

96 Commits

13 Forks

3 Watchers

1 Branches

2 Contributors

Updated on Mar 05, 2023

Bundle Size

5.26 kB

Minified

1.92 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 2 Contributors

Package Meta Information

Latest Version

4.0.3

Package Id

koa-session-minimal@4.0.3

Unpacked Size

11.58 kB

Size

4.55 kB

File Count

NPM Version

8.6.0

Node Version

18.0.0

Total Downloads

Cumulative downloads

Total Downloads

269,396

Last Day

-44.4%

Compared to previous day

Last Week

-26.3%

224

Compared to previous week

Last Month

6.6%

1,031

Compared to previous month

Last Year

-25.6%

15,255

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

co fast-deep-equal uid-safe

Dev Dependencies

chai eslint eslint-config-airbnb-base eslint-plugin-import koa koa-redis mocha nyc supertest

koa-session-minimal

Native Koa 2 session middleware, inspired by and compatible with koa-generic-session. This can be used as a drop-in replacement for koa-generic-session in Koa 2.

This rewrite implements koa-generic-session's essential interfaces, with around 100 lines of code in ES6. It supports existing session stores for koa-generic-session.

Version 4+ requires node 8+. Please use v3.0.4 for node versions older than 8.

Minimum features and storage usage

This middleware guarantees the following:

Minimum data generation and storage. No session data modification / pollution.
- Neither a cookie nor a session store record is created unless session data gets populated by other middlewares.
- Cookie options are not saved in the ctx.session object or session store (try to address this concern).
Minimum updates on cookie and session store. Cookie and session store only get updated when session data has been changed.
- When ctx.session gets updated (is a non-empty object), cookie and store data will be updated with new values and new expiration time (maxAge).
- When ctx.session gets cleared ( = {} or null ), cookie and store data will be deleted.
- If a session has not been updated within maxAge, its data will be expired.
Minimum public interfaces and configuration options.
- Cookie options: maxAge, path, domain, secure, httpOnly
- Session interfaces: session, sessionHandler { regenerateId() }
- Store interfaces: get(), set(), destroy()

Installation

1$ npm install koa-session-minimal

Usage

1const Koa = require('koa')
2const session = require('koa-session-minimal')
3const redisStore = require('koa-redis')
4
5const app = new Koa()
6
7app.use(session({
8  store: redisStore()
9}))
10
11// count middleware, increment when url = /add
12app.use(async (ctx, next) => {
13  ctx.session.count = ctx.session.count || 0
14  if (ctx.path === '/add') ctx.session.count++
15
16  await next()
17
18  ctx.body = ctx.session.count
19})
20
21app.listen(3000)

Interfaces

session data via ctx.session (the same way as koa-generic-session)
session methods via ctx.sessionHandler
- regenerateId(): regenerate session id

Options

key: session cookie name and store key prefix
store: session store
cookie: cookie options, can be an object (static cookie options) or a function that returns an object (dynamic cookie options). Only maxAge, path, domain, secure, httpOnly are supported as option keys (see option details in cookies module).

Session expiration

Default session has settings cookie.maxAge = 0 for cookie and ttl = ONE_DAY for session store, means that a session will be expired in one of the following circumstances:

A user close the browser window (transient cookie ends)
Session data hasn't been updated within ONE_DAY (storage expires)

With settings that cookie.maxAge > 0, the ttl for store data will be always the same as maxAge.

Dynamic session expiration (cookie options)

When setting cookie option to a plain object, all sessions will use the same cookie options. If a function is assigned to cookie, cookie options will be dynamically calculated at each (non-empty) session's saving stage. For example, you can use an arrow function to set different maxAge for user and guest sessions, as below:

1session({
2  cookie: ctx => ({
3    maxAge: ctx.session.user ? ONE_MONTH : 0
4  })
5})

Session security

Middlewares are recommended to call sessionHandler.regenerateId() during authentication state change (login). This middleware provides the essential interface, It will be other middleware's decision on when and how often they want to roll the session id.

NOTE: Below is mostly copied from koa-generic-session's README, because the two middlewares share the same store interfaces. Any store that implements koa-generic-session's store interfaces should also work with koa-session-minimal. koa-redis is tested as an example in test/store_redis.test.js

Session store

You can use any other store to replace the default MemoryStore, it just needs to follow this api:

get(sid): get session object by sid
set(sid, sess, ttl): set session object for sid, with a ttl (in ms)
destroy(sid): destroy session for sid

the api needs to return a Promise, Thunk, generator, or an async function.

Stores presented

koa-redis to store your session data with redis.
koa-mysql-session to store your session data with MySQL.
koa-generic-session-mongo to store your session data with MongoDB.
koa-pg-session to store your session data with PostgreSQL.
koa-generic-session-rethinkdb to store your session data with ReThinkDB.
koa-sqlite3-session to store your session data with SQLite3.
koa-generic-session-sequelize to store your session data with the Sequelize ORM.

License

MIT

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

SAST

Determines if the project uses static code analysis.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

1.7

/10

Last Scanned on 2025-06-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More