How to create a session middleware?

Sat Nov 19 2016 18:19:51 GMT+0100 (Central European Standard Time), Peter Širka

How to create a session middleware?

We create a simple middleware

You can save the code below as your-app/definitions/session.js:

const COOKIE = '__session';
const TIMEOUT = '10 minutes';
const SESSION = {};

// We register a new middleware `session`
F.middleware('session', function(req, res, next, options, controller) {

    var cookie = req.cookie(COOKIE);
    var ip = req.ip.hash().toString();

    // A simple prevention for session hijacking
    if (cookie) {
        var arr = cookie.split('|');
        if (arr[1] !== ip)
            cookie = null;
    }

    if (!cookie) {
        cookie = U.GUID(15) + '|' + ip;

        // Writes cookie
        res.cookie(COOKIE, cookie);
    }

    var session = SESSION[cookie];
    if (session)
        req.session = session;
    else
        SESSION[cookie] = req.session = {};

    // Extends session timeout
    req.session.ticks = F.datetime;
    next();
});

// Clears expired sessions
F.on('service', function(counter) {

    // each 2 minutes
    if (counter % 2 !== 0)
        return;

    var ticks = F.datetime.add('-' + TIMEOUT);

    Object.keys(SESSION).forEach(function(key) {
        var session = SESSION[key];
        if (session.ticks < ticks)
            delete SESSION[key];
    });
});
  • constant SESSION contains all active sessions
  • constant TIMEOUT contains expiration time for a session
  • constant COOKIE contains a cookie name

Usage

Now we can use the middleware, so create/modify a controller e.g. /your-app/controllers/default.js:

exports.install = function() {
    F.route('/', view_index, ['#session']);
};

function view_index() {
    // this === controller
    var self = this;

    if (self.session.counter === undefined)
        self.session.counter = 0;

    self.session.counter++;
    self.view('index');
}

What have we done in the code above?

  • we created a route to homepage F.route('/', action, [flags])
  • the route contains session middleware, which we created
  • then we used controller.session in the controller's action

Extend middleware by adding e.g. events

Now it's very easy to extend functionality of middleware. So I extend the code below:

F.middleware('session', function(req, res, next, options, controller) {

    // ...
    // ...
    // ...

    var session = SESSION[cookie];
    if (session)
        req.session = session;
    else {
        SESSION[cookie] = req.session = {};

        // When the session is created then framework emits the event "session-new"
        F.emit('session-new', req, res, req.session);
    }

    // ...
    // ...
    // ...
});

// Clears expired sessions
F.on('service', function(counter) {

    // ...
    // ...
    // ...

    Object.keys(SESSION).forEach(function(key) {
        var session = SESSION[key];
        if (session.ticks < ticks) { 
            delete SESSION[key];

            // When the session is expired then framework emits the event "session-remove"
            F.emit('session-remove', session);
        }
    });

    // ...
    // ...
    // ...    
});

Usage:

You can use the code below in each .js file on the server-side in Total.js.

F.on('session-new', function(req, res, session) {
    // new session
});

F.on('session-remove', function(session) {
    // session is removed
});

How to set the middleware to multiple routes together?


Tags

Follow us

Latest blogs
Flow v6 is here!
Thu Mar 07 2019 11:53:54 GMT+0100 (Central European Standard Time)
A critical security fix
Wed Feb 13 2019 22:15:39 GMT+0100 (Central European Standard Time)
New release: Total.js v3.2
Wed Feb 13 2019 22:14:39 GMT+0100 (Central European Standard Time)
Total.js Wiki v2
Fri Jan 04 2019 22:15:01 GMT+0100 (Central European Standard Time)
Total Year 2018
Thu Jan 03 2019 21:14:00 GMT+0100 (Central European Standard Time)

Latest comments
Nice tip
Mauro Junior
Thu Sep 20 2018 21:41:02 GMT+0200 (Central European Summer Time)
Not only for Total.js. You can communicate with different websocket servers.
Peter Širka
Mon Apr 23 2018 20:08:20 GMT+0200 (Central European Summer Time)
Marko: you need to create a buffer with this codepage and write byte-to-byte string. I recommend ...
Peter Širka
Mon Apr 23 2018 20:06:21 GMT+0200 (Central European Summer Time)
Is WEBSOCKETCLIENT only for internal ws connections between totaljs apps?
Stelios Stephanua
Fri Mar 16 2018 06:04:22 GMT+0100 (Central European Standard Time)
Total.js is amazing! ;)
Leonardo Hessel
Tue Dec 19 2017 19:51:15 GMT+0100 (Central European Standard Time)

Pixabay


Read more

Flow v6 is here!

News: We have released a new version of Flow. This version brings great new features and UI improvements.

Thu Mar 07 2019 11:53:54 GMT+0100 (Central European Standard Time)
A critical security fix

News: We were notified about the critical security bug in Total.js framework. Read a prevention.

Wed Feb 13 2019 22:15:39 GMT+0100 (Central European Standard Time)
New release: Total.js v3.2

News: This new release brings a critical security fix and small new improvements. Update Total.js now.

Wed Feb 13 2019 22:14:39 GMT+0100 (Central European Standard Time)
Total.js Wiki v2

Products: I have released a new version of Total.js Wiki. New version brings new improvements.

Fri Jan 04 2019 22:15:01 GMT+0100 (Central European Standard Time)
Total Year 2018

Business: Last year was perfect for Total.js platform. Total.js platform grows up and it has great results.

Thu Jan 03 2019 21:14:00 GMT+0100 (Central European Standard Time)
Total.js Code Editor v1

Products: Try our real-time collaboration tool for Total Developers. Code Editor offers great features for development.

Fri Dec 07 2018 22:55:13 GMT+0100 (Central European Standard Time)