ArangoDB v3.4 reached End of Life (EOL) and is no longer supported.
This documentation is outdated. Please see the most recent version here: Latest Docs
Session Middleware
const sessionMiddleware = require('@arangodb/foxx/sessions');
The session middleware adds the session
and sessionStorage
properties to
the request object and deals with serializing and
deserializing the session as well as extracting session identifiers from
incoming requests and injecting them into outgoing responses.
Examples
// Create a session middleware
const sessions = sessionsMiddleware({
storage: module.context.collection('sessions'),
transport: ['header', 'cookie']
});
// First enable the middleware for this service
module.context.use(sessions);
// Now mount the routers that use the session
const router = createRouter();
module.context.use(router);
router.get('/', function (req, res) {
res.send(`Hello ${req.session.uid || 'anonymous'}!`);
}, 'hello');
router.post('/login', function (req, res) {
req.session.uid = req.body;
req.sessionStorage.save(req.session);
res.redirect(req.reverse('hello'));
});
.body(['text/plain'], 'Username');
Creating a session middleware
sessionMiddleware(options): Middleware
Creates a session middleware.
Arguments
-
options:
Object
An object with the following properties:
-
storage:
Storage
Storage that will be used to persist the sessions.
The storage is also exposed as the
sessionStorage
on all request objects and as thestorage
property of the middleware.If a string or collection is passed instead of a Storage, it will be used to create a Collection Storage.
-
transport:
Transport | Array<Transport>
Transport or array of transports that will be used to extract the session identifiers from incoming requests and inject them into outgoing responses. When attempting to extract a session identifier, the transports will be used in the order specified until a match is found. When injecting (or clearing) session identifiers, all transports will be invoked.
The transports are also exposed as the
transport
property of the middleware.If the string
"cookie"
is passed instead of a Transport, the Cookie Transport will be used with the default settings instead.If the string
"header"
is passed instead of a Transport, the Header Transport will be used with the default settings instead. -
autoCreate:
boolean
(Default:true
)If enabled the session storage’s
new
method will be invoked to create an empty session whenever the transport failed to return a session for the incoming request. Otherwise the session will be initialized asnull
.
-
Returns the session middleware.