budibase/packages/server/middleware/session.js

const session = require('koa-session');

module.exports = (config, app) => {
    const sessionConfig = {
        key: 'budi:sess', /** (string) cookie key (default is koa:sess) */
        /** (number || 'session') maxAge in ms (default is 1 days) */
        /** 'session' will result in a cookie that expires when session/browser is closed */
        /** Warning: If a session cookie is stolen, this cookie will never expire */
        maxAge: 86400000,
        autoCommit: true, /** (boolean) automatically commit headers (default true) */
        overwrite: true, /** (boolean) can overwrite or not (default true) */
        httpOnly: true, /** (boolean) httpOnly or not (default true) */
        signed: true, /** (boolean) signed or not (default true) */
        rolling: false, /** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */
        renew: false, /** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false)*/
        store: {
            get: async (key, maxAge, { rolling }) => ({key}),
            set: async (key, sess, maxAge, { rolling, changed }) => ({key}),
            destroy: async (key) => ({})    
        }
      };

    return session(
        sessionConfig,
        app
    );
}
server - first passing tests 2019-06-14 11:05:46 +02:00			`const session = require('koa-session');`

			`module.exports = (config, app) => {`
			`const sessionConfig = {`
			`key: 'budi:sess', /** (string) cookie key (default is koa:sess) */`
			`/** (number \|\| 'session') maxAge in ms (default is 1 days) */`
			`/** 'session' will result in a cookie that expires when session/browser is closed */`
			`/** Warning: If a session cookie is stolen, this cookie will never expire */`
			`maxAge: 86400000,`
			`autoCommit: true, /** (boolean) automatically commit headers (default true) */`
			`overwrite: true, /** (boolean) can overwrite or not (default true) */`
			`httpOnly: true, /** (boolean) httpOnly or not (default true) */`
			`signed: true, /** (boolean) signed or not (default true) */`
			`rolling: false, /** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */`
			`renew: false, /** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false)*/`
authentication tests 2019-06-14 18:01:01 +02:00			`store: {`
			`get: async (key, maxAge, { rolling }) => ({key}),`
			`set: async (key, sess, maxAge, { rolling, changed }) => ({key}),`
			`destroy: async (key) => ({})`
			`}`
server - first passing tests 2019-06-14 11:05:46 +02:00			`};`

			`return session(`
			`sessionConfig,`
			`app`
			`);`
			`}`