ArangoDB v3.13 is under development and not released yet. This documentation is not final and potentially incomplete.
Foxx Session Middleware
const sessionMiddleware = require('@arangodb/foxx/sessions');
The session middleware adds the session
and sessionStorage
properties to
the request object and deals with serializing and
deserializing the session as well as extracting session identifiers from
incoming requests and injecting them into outgoing responses.
Examples
// Create a session middleware
const sessions = sessionsMiddleware({
storage: module.context.collection('sessions'),
transport: ['header', 'cookie']
});
// First enable the middleware for this service
module.context.use(sessions);
// Now mount the routers that use the session
const router = createRouter();
module.context.use(router);
router.get('/', function (req, res) {
res.send(`Hello ${req.session.uid || 'anonymous'}!`);
}, 'hello');
router.post('/login', function (req, res) {
req.session.uid = req.body;
req.sessionStorage.save(req.session);
res.redirect(req.reverse('hello'));
});
.body(['text/plain'], 'Username');
Creating a session middleware
sessionMiddleware(options): Middleware
Creates a session middleware.
Arguments
options:
Object
An object with the following properties:
storage:
Storage
Storage that is used to persist the sessions.
The storage is also exposed as the
sessionStorage
on all request objects and as thestorage
property of the middleware.If a string or collection is passed instead of a Storage, it is used to create a Collection Storage.
transport:
Transport | Array<Transport>
Transport or array of transports that is used to extract the session identifiers from incoming requests and inject them into outgoing responses. When attempting to extract a session identifier, the transports are used in the order specified until a match is found. When injecting (or clearing) session identifiers, all transports are invoked.
The transports are also exposed as the
transport
property of the middleware.If the string
"cookie"
is passed instead of a Transport, the Cookie Transport are used with the default settings instead.If the string
"header"
is passed instead of a Transport, the Header Transport are used with the default settings instead.autoCreate:
boolean
(Default:true
)If enabled the session storage’s
new
method is invoked to create an empty session whenever the transport failed to return a session for the incoming request. Otherwise, the session is initialized asnull
.
Returns the session middleware.