Cookie Swap - Client Session Manager
This library helps to manage a client session cookie in node.js outside of connect/express sessions. It is desirable to maintain a htttpOnly cookie for express sessions (to auth users and prevent replay attacks by snatching the cookie via XSS) while at the same time storing some session state in a cookie that is accessable and modifiable to the client.
The client session is avaliable at req.clientSession, similar to req.session for regular session state in connect/express.
If you have some session state that should be accessable on the client but you do not want to accept any modification of the information when in comes back to the server, you can store it in req.session and add its property name to the option transfer. This will copy the property from req.session into req.clientSession.
Install
$ npm install cookie-swap
Usage
var express =clientSessions = ;var app = ;// Cookie parser is required and must be used before clientSessionsapp;// Client sessions can work alongside regular express cookie sessionsapp;app;// Now you can access the client session from the request objectapp;
Options
keycookie name defaulting to maxwell.sesstransferan array of properties that should be transfered from req.session into the client session so they are accessable on the client. Transferable properties from req.session will override values in req.clientSession. Any transferable properties deleted from req.session will also be deleted from req.clientSession.cookiesession cookie settings, defaulting to{ path: '/', httpOnly: false, maxAge: null }
License
MIT