How to create a session middleware?

Sat Nov 19 2016 18:19:51 GMT+0100 (CET), Peter Širka

How to create a session middleware?

We create a simple middleware

You can save the code below as your-app/definitions/session.js:

const COOKIE = '__session';
const TIMEOUT = '10 minutes';
const SESSION = {};

// We register a new middleware `session`
F.middleware('session', function(req, res, next, options, controller) {

    var cookie = req.cookie(COOKIE);
    var ip = req.ip.hash().toString();

    // A simple prevention for session hijacking
    if (cookie) {
        var arr = cookie.split('|');
        if (arr[1] !== ip)
            cookie = null;
    }

    if (!cookie) {
        cookie = U.GUID(15) + '|' + ip;

        // Writes cookie
        res.cookie(COOKIE, cookie);
    }

    var session = SESSION[cookie];
    if (session)
        req.session = session;
    else
        SESSION[cookie] = req.session = {};

    // Extends session timeout
    req.session.ticks = F.datetime;
    next();
});

// Clears expired sessions
F.on('service', function(counter) {

    // each 2 minutes
    if (counter % 2 !== 0)
        return;

    var ticks = F.datetime.add('-' + TIMEOUT);

    Object.keys(SESSION).forEach(function(key) {
        var session = SESSION[key];
        if (session.ticks < ticks)
            delete SESSION[key];
    });
});
  • constant SESSION contains all active sessions
  • constant TIMEOUT contains expiration time for a session
  • constant COOKIE contains a cookie name

Usage

Now we can use the middleware, so create/modify a controller e.g. /your-app/controllers/default.js:

exports.install = function() {
    F.route('/', view_index, ['#session']);
};

function view_index() {
    // this === controller
    var self = this;

    if (self.session.counter === undefined)
        self.session.counter = 0;

    self.session.counter++;
    self.view('index');
}

What have we done in the code above?

  • we created a route to homepage F.route('/', action, [flags])
  • the route contains session middleware, which we created
  • then we used controller.session in the controller's action

Extend middleware by adding e.g. events

Now it's very easy to extend functionality of middleware. So I extend the code below:

F.middleware('session', function(req, res, next, options, controller) {

    // ...
    // ...
    // ...

    var session = SESSION[cookie];
    if (session)
        req.session = session;
    else {
        SESSION[cookie] = req.session = {};

        // When the session is created then framework emits the event "session-new"
        F.emit('session-new', req, res, req.session);
    }

    // ...
    // ...
    // ...
});

// Clears expired sessions
F.on('service', function(counter) {

    // ...
    // ...
    // ...

    Object.keys(SESSION).forEach(function(key) {
        var session = SESSION[key];
        if (session.ticks < ticks) { 
            delete SESSION[key];

            // When the session is expired then framework emits the event "session-remove"
            F.emit('session-remove', session);
        }
    });

    // ...
    // ...
    // ...    
});

Usage:

You can use the code below in each .js file on the server-side in Total.js.

F.on('session-new', function(req, res, session) {
    // new session
});

F.on('session-remove', function(session) {
    // session is removed
});

How to set the middleware to multiple routes together?


Tags

Follow us

Latest blogs
New CDN for Flow + Dashboard + Flowboard
Sun Nov 04 2018 09:05:03 GMT+0100 (CET)
OpenPlatform v3
Mon Oct 15 2018 10:11:07 GMT+0200 (CEST)
New Single Page Application template
Fri Oct 12 2018 21:25:34 GMT+0200 (CEST)
Flow: How to find a specific component?
Mon Sep 03 2018 20:21:30 GMT+0200 (CEST)
Total.js CMS v12
Mon Sep 03 2018 10:25:29 GMT+0200 (CEST)

Latest comments
Nice tip
Mauro Junior
Thu Sep 20 2018 21:41:02 GMT+0200 (CEST)
Not only for Total.js. You can communicate with different websocket servers.
Peter Širka
Mon Apr 23 2018 20:08:20 GMT+0200 (CEST)
Is WEBSOCKETCLIENT only for internal ws connections between totaljs apps?
Stelios Stephanua
Fri Mar 16 2018 06:04:22 GMT+0100 (CET)
Total.js is amazing! ;)
Leonardo Hessel
Tue Dec 19 2017 19:51:15 GMT+0100 (CET)

Pixabay

Read more

New CDN for Flow + Dashboard + Flowboard

News: I have changed CDN for Flow + Dashboard + Flowboard components to KeyCDN.

Sun Nov 04 2018 09:05:03 GMT+0100 (CET)
OpenPlatform v3

News: I have published a new version of OpenPlatform. New, better, faster, more secure and more simpler.

Mon Oct 15 2018 10:11:07 GMT+0200 (CEST)
New Single Page Application template

News: I have published free, beautiful and simple Total.js + jComponent SPA template under MIT license.

Fri Oct 12 2018 21:25:34 GMT+0200 (CEST)
Flow: How to find a specific component?

Tutorials: This tutorial shows you a quick way how to find a specific component in the Flow designer.

Mon Sep 03 2018 20:21:30 GMT+0200 (CEST)1
Total.js CMS v12

News: New version of CMS brings cool new features and new possibilities for your websites.

Mon Sep 03 2018 10:25:29 GMT+0200 (CEST)
Total.js Platform has a new direction

Business: We have changed the direction for Total.js platform. Currently all Total.js premium products are free.

Wed Aug 01 2018 13:46:17 GMT+0200 (CEST)