Easy-to-use nitro session.
- ๐ Continuous session between requests using a cookie or header
- ๐พ Auto-save session
- ๐ฆ Store session data using a cookie, header, or unjs/unstorage drivers
- ๐ Optional strict IP validation to ensure session security
- ๐ ๏ธ TypeScript support
- ESM (ECMAScript Modules) only
- Nitro version 2.6.x or higher
- Node.js version 18 or higher
- Add dependency (example using pnpm).
pnpm add @kikiutils/nitro-sessionYou can also use yarn, npm, or bun to add the dependency.
- Create a
server/plugins/session.tsfile and add the following code:
import nitroSession from '@kikiutils/nitro-session';
export default defineNitroPlugin((nitroApp) => nitroSession(nitroApp, useRuntimeConfig().nitroSession));- Create a
server/utils/session.tsfile and add the following code:
export * from '@kikiutils/nitro-session/runtime/utils';Important
If you encounter warning messages such as [unimport] failed to resolve ..., skip scanning during runtime, updating the unimport version to 3.9.0 or higher will resolve the issue. If updating is not possible, use the following code instead:
export {
clearH3EventContextSession,
deleteH3EventContextSessionStorageData,
getH3EventContextSessionToken,
popH3EventContextSession
} from '@kikiutils/nitro-session/runtime/utils';However, if you use this method, you will need to manually update the files whenever new utils are added. Using wildcard exports (*) will automatically export all utils, so it's recommended to use the latest version of unimport to support wildcard exports.
- Create a
session.d.tsfile in the project folder and add the following code:
declare module '@kikiutils/nitro-session' {
interface H3EventContextSession {
// Define the session data here.
}
}
export {};That's it! You're ready to use sessions in your Nitro app. Check out the configuration and usage instructions below โจ.
Configure using runtimeConfig in nitro.config.ts.
export default defineNitroConfig({
// Configure options here
runtimeConfig: { nitroSession: {} }
});For detailed options, refer to the PluginOptions interface in this file.
When using this session module, there are two types of data involved:
-
Stored Data: This refers to data such as user login information, login time, etc., which can be stored in memory or other specified storage.
-
Data Token: This refers to the token used to retrieve the corresponding data after the frontend sends a request to the server. This token can be transmitted using cookie or header.
The available storage types are:
- azure-app-configuration
- azure-cosmos
- azure-key-vault
- azure-storage-blob
- azure-storage-table
- cloudflare-kv-binding
- cloudflare-kv-http
- cloudflare-r2-binding
- cookie/header
- fs
- fs-lite
- http
- lru-cache
- memory (default)
- mongodb
- netlify-blobs
- planetscale
- redis
- vercel-kv
Important
If the driver you are using is not cookie/header or memory, please visit here for additional dependencies and considerations.
When using cookie/header for storage, data will be encrypted and transmitted in requests based on the token type. In this case, no data is stored on the server. Please be aware of potential security risks such as interception, session hijacking, XSS, CSRF, and unauthorized access. Ensure that proper security measures are in place to protect your data.
Example configuration for using Redis as the data storage:
export default defineNitroConfig({
runtimeConfig: {
nitroSession: {
storage: {
data: {
driver: 'redis',
// Options for the corresponding driver
options: { url: 'redis://127.0.0.1:6379' }
}
}
}
}
});The available transmission types are:
- cookie (default)
- header
Example configuration for using header as the token transmission method:
export default defineNitroConfig({
runtimeConfig: {
nitroSession: {
storage: {
token: {
driver: 'header',
// Options for the corresponding method
options: {
name: 'session',
setName: 'set-session'
}
}
}
}
}
});When using cookie, the browser will automatically handle the set-cookie in the response and include the cookie in subsequent requests (in most cases).
When using header, you need to handle it manually. Set the token as the value of the key specified by nitroSession.storage.token.options.name when sending a request.
If the response contains a header with the name specified by nitroSession.storage.token.options.setName, you need to save this value and include it as the token in subsequent requests.
The following is an example code using Axios and storing the token in sessionStorage:
import axios from 'axios';
const axiosInstance = axios.create();
axiosInstance.interceptors.request.use((request) => {
request.headers.session = window.sessionStorage.getItem('session');
return request;
});
axiosInstance.interceptors.response.use((response) => {
const sessionToken = response.headers['set-session'];
if (sessionToken !== undefined) sessionToken ? window.sessionStorage.setItem('session', sessionToken) : window.sessionStorage.removeItem('session');
return response;
});You can use event.context.session to access sessions.
The on-change package is used internally to detect changes to the session object. If no changes are detected, no data will be stored and no cookie/header will be set.
server/api/test.ts
export default defineEventHandler((event) => {
event.context.session.account = 'account';
event.context.session.username = 'name';
// Remaining operations...
return 'success';
});server/middleware/auth.ts
export default defineEventHandler((event) => {
const loginedUserId = event.context.session.userId;
// Remaining operations...
});Important
The session can only store serializable data.
Important
This will replace the default Nitro error page.
Due to a bug in one or more of the packages (h3/hookable/nitro), to ensure that the session can still be properly handled after an error occurs during API processing, you need to modify the errorHandler setting in the nitro.config:
export default defineNitroConfig({ errorHandler: './error-handler' });Contents of error-handler.ts without using send function:
export default () => {};Contents of error-handler.ts using send function:
import { processResponseEvent } from '@kikiutils/nitro-session';
import type {
H3Error,
H3Event
} from 'h3';
export default async (_: H3Error, event: H3Event) => {
await processResponseEvent(event);
send(event, 'internal server error'); // Or other error message
};Visit this page for more information about the error handler.
During runtime, the following utils are available for manipulating the session. Related comments and examples are provided in this file.
- clearH3EventContextSession
- deleteH3EventContextSessionStorageData
- getH3EventContextSessionToken
- popH3EventContextSession