Sessions

We recommend reading HTTP Parameter Decorators & Session middleware before continuing

Main

Every time your web application receives a request, Mandarine will verify if there is a specific cookie which holds the session id, and if the cookie is missing, Mandarine will create a new cookie with a new & unique session id and it will also inject a session context in the request (this context will hold the session information).

Note that concept of sessions are directly related to the Mandarine MVC module.

Where are sessions stored?

Sessions are stored in a session container. By default, Mandarine has a session container that stores all the sessions in Memory (not meant for production).

You can create your own implementation of the session container by creating your own class that implements MandarineSecurity.Sessions.SessionStore. By creating your own implementation of SessionStore, you will be able to override where the sessions are stored, this means, you will be able to define the behavior you would like.

Session Container

The session container handles the initialization of the session system & it also tells Mandarine how it should behave when it comes to the different states of a session. (See interface here)

  • cookie

    • cookie.path Specifies the value for the path of the session cookie. By default, this is set to '/'

    • cookie.httpOnly Specifies whether the cookie will be visible in the javascript. By default, this is set to false

    • cookie.secure Specifies if the session cookie is secure.

    • cookie.maxAge Forces the cookie to expire in the specified amount of time.

  • keys

    • Specifies an array of keys to sign the cookies related to the sessions.

    • At least one value must be entered. If keys contains multiple values, only the first element will be used to sign, while all the elements will be used to verify the signature.

  • sessionPrefix

    • Specifies the prefix of the session name for the session cookie. By default, this is set to mandarine-session

  • genId

    • Specifies the method to be used in order to generate a unique Id. By default, this is set to a mandarine internal method.

  • resave

    • Forces the session to be saved back in the session store, even when no modifications were made to it. If you want to avoid the use of unnecessary processes, set this to false. By default, this is set to false

  • rolling

    • Forces the session cookie to reset its expiration time every time there is a request.

  • saveUninitialized

    • Forces the session to be saved in the session store when it is new and it has not been initialized.

      • A session is new & uninitialized when it has not been modified after its creation.

  • store

Defining my own session container

Understanding of Manual Components is required for this section.

The use of manual components will make you able to define your own session container & thus specify the behaviors of handling sessions in your mandarine-powered application.

To define your own session container you will need to create a manual component inside a configuration component (preferably). The method of your manual component must be called "getSessionContainer".

import { Configuration, Injectable } from "https://deno.land/x/mandarinets/mod.ts";

@Configuration()
export class ConfigClass {

    @Injectable()
    public getSessionContainer() {
        return {
            rolling: true,
            store: new MySessionStoreImpl()
        };
    }

}

Note that all the values from your SessionContainer object that are ignored will be set to their default values.

Note that MySessionStoreImpl() is the equivalent to your custom implementation of MandarineSecurity.Sessions.SessionStore as described above.

Usage

In order to use sessions, please click on this link and then click on the tab "@Session".

Last updated