Class CookieUserSessionMiddleware

Cookie User Session middleware which uses lib.user-session for session management and the HTTP protocol as transport for the session id.
Notice that all function members that operate on the HTTP response will set/unset only its headers, while other parts, like status code, payload etc., are left untouched. It also doesn't send the response back to clients; it is the caller's job to call send on the response.
The caller should also handle all of the exceptions (its own and those of other libraries) thrown by the methods of this class.

Hierarchy

  • CookieUserSessionMiddleware

Constructors

constructor

Accessors

userSessionManager

  • get userSessionManager(): UserSessionManager<UserSessionDevice, HTTPRequestLocation>
  • Get the UserSessionManager instance.

    Returns UserSessionManager<UserSessionDevice, HTTPRequestLocation>

Methods

create

  • create(req: HttpRequest<unknown>, res: HttpResponse<unknown>, subject: string, sessionTtl?: number): Promise<void>
  • Create user session.
    After session creation, sets the session id in the response cookies and/or headers, depending on the device from which the request was sent.

    Parameters

    • req: HttpRequest<unknown>

      Incoming HTTP request.

    • res: HttpResponse<unknown>

      Outgoing HTTP response.

    • subject: string

      Subject.

    • Optional sessionTtl: number

      Explicit session TTL; takes priority over the default one.

    Returns Promise<void>

delete

  • delete(req: HttpRequest<unknown>, res: HttpResponse<unknown>, subject: string, sessionId?: undefined | null | string, unsetSessionCookie?: boolean): Promise<void>
  • Delete user session.
    Refresh Token will be extracted from request according to UserSessionOptions.

    Parameters

    • req: HttpRequest<unknown>

      Incoming HTTP request.

    • res: HttpResponse<unknown>

      Outgoing HTTP response.

    • subject: string

      Subject which has the session that needs to be deleted.

    • sessionId: undefined | null | string = ...

      Id of the session to be deleted.
      This parameter is optional, and should be used mainly by admins to forcefully end a user session.
      CAUTION! When this param is set, you will most probably want to set unsetSessionCookie to false in order not to invalidate the session id cookie of the admin.

    • unsetSessionCookie: boolean = true

      Whether to unset session cookie in the res after session deletion.
      This is valid only for requests made from browser devices.
      More information about cookie invalidation can be found here.

    Returns Promise<void>
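
The CAUTION on sessionId above, as an added TypeScript sketch that is not the library's code: a constructed in-memory model of the documented delete() parameters, showing what reaches the admin's browser when unsetSessionCookie is left at its default. The cookie name sid, the session store and all helper names are assumptions.

```typescript
// Constructed in-memory model of the documented delete() parameters; not library code.
type Req = { cookies: Record<string, string> };
type Res = { headers: Record<string, string> };

const COOKIE = "sid"; // assumed cookie name
const sessions = new Map<string, Set<string>>(); // subject -> active session ids

function createSession(subject: string, id: string): void {
  const ids = sessions.get(subject) ?? new Set<string>();
  ids.add(id);
  sessions.set(subject, ids);
}

// Same parameter order as the documented delete(); returns whether a session was removed.
function deleteSession(
  req: Req,
  res: Res,
  subject: string,
  sessionId?: string | null,
  unsetSessionCookie = true,
): boolean {
  // An explicit sessionId wins; otherwise the id is taken from the request.
  const id = sessionId ?? req.cookies[COOKIE];
  const removed = id !== undefined && (sessions.get(subject)?.delete(id) ?? false);
  // Only response headers are touched; the caller still has to send the response.
  if (unsetSessionCookie) {
    res.headers["Set-Cookie"] = `${COOKIE}=; Max-Age=0; Path=/; HttpOnly; Secure`;
  }
  return removed;
}

// An admin (session a-1) ends alice's session u-9 from the admin's own browser.
function adminForceLogout(unsetSessionCookie: boolean) {
  sessions.clear();
  createSession("admin", "a-1");
  createSession("alice", "u-9");
  const req: Req = { cookies: { [COOKIE]: "a-1" } }; // the admin's cookie
  const res: Res = { headers: {} };
  const targetGone = deleteSession(req, res, "alice", "u-9", unsetSessionCookie);
  // If Set-Cookie is present, the admin's browser drops its own session cookie.
  return { targetGone, adminCookieCleared: "Set-Cookie" in res.headers };
}

console.log("default flag:", adminForceLogout(true));
console.log("flag = false:", adminForceLogout(false));
```

In both runs the target session is removed server-side; only the default run also expires the cookie of the admin who made the request.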

renew

  • renew(req: HttpRequest<unknown>, res: HttpResponse<unknown>, subject: string, metaData: UserSessionMetaData<UserSessionDevice, HTTPRequestLocation>): Promise<void>
  • Renew user session, by deleting the old one and creating a new one.

    Parameters

    • req: HttpRequest<unknown>

      Incoming HTTP request.

    • res: HttpResponse<unknown>

      Outgoing HTTP response.

    • subject: string

      Subject.

    • metaData: UserSessionMetaData<UserSessionDevice, HTTPRequestLocation>

      User session metadata.

    Returns Promise<void>

verify

  • verify(req: HttpRequest<unknown>, res: HttpResponse<unknown>, subject: string, unsetSessionCookie?: boolean): Promise<UserSessionMetaData<UserSessionDevice, HTTPRequestLocation>>
  • Verify user session.
    Session id will be extracted from request according to UserSessionOptions.
    Depending on the UserSessionManager config, the user session might be renewed, and the new user session id will be set in the headers of the response object. Therefore, it is very important that the response is sent to the client, carrying at least the renewed session id.

    Parameters

    • req: HttpRequest<unknown>

      Incoming HTTP request.

    • res: HttpResponse<unknown>

      Outgoing HTTP response.

    • subject: string

      Subject.

    • unsetSessionCookie: boolean = true

      Whether to unset session cookie in the res in case it is not found/expired.
      This is valid only for requests made from browser devices.
      More information about cookie invalidation can be found here.

    Returns Promise<UserSessionMetaData<UserSessionDevice, HTTPRequestLocation>>