-
Notifications
You must be signed in to change notification settings - Fork 2
Sessions
Nadhi-(Kushi) edited this page Apr 1, 2026
·
2 revisions
Session middleware is exported from @http-native/core/session.
import { createApp } from "@http-native/core";
import { session } from "@http-native/core/session";
const app = createApp();
app.use(session({
secret: "your-secret-key",
}));When session middleware is installed, the request gets:
req.sessionIdreq.session.get(key)req.session.set(key, value)req.session.delete(key)req.session.has(key)req.session.destroy()req.session.isDestroyed
app.get("/", (req, res) => {
const views = Number(req.session.get("views") ?? 0) + 1;
req.session.set("views", views);
res.json({ views });
});app.post("/login", (req, res) => {
const body = req.json() ?? {};
if (body.username !== "demo" || body.password !== "demo") {
return res.status(401).json({ error: "Invalid credentials" });
}
req.session.set("userId", 1);
req.session.set("loggedIn", true);
res.json({ ok: true });
});
app.get("/profile", (req, res) => {
if (!req.session.get("loggedIn")) {
return res.status(401).json({ error: "Not logged in" });
}
res.json({ userId: req.session.get("userId") });
});
app.post("/logout", (req, res) => {
req.session.destroy();
res.json({ ok: true });
});-
secret: stringrequired -
maxAge?: numbersession TTL in seconds -
cookieName?: stringdefault"sid" httpOnly?: booleansecure?: booleansameSite?: "strict" | "lax" | "none"path?: stringstore?: MemoryStore | RedisStore | compatible custom store
The session module exports:
sessionMemoryStoreRedisStore
The default store is MemoryStore. It is in-memory and will be cleared when the process exits.
Http-native is open to everyone, but we have strict regulations and licensing fees for large organizations