createCookieSessionStorage
createCookieSessionStorage
creates a SessionStorage
that saves all the session data in a cookie.
tsx
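// Signature: createCookieSessionStorage(options?: CookieSessionStorageOptions): SessionStorage
// This bare call only shows the shape of the API. The session data is stored in
// the cookie itself, so real code should pass `cookie.secrets` (as in the Usage
// example on this page) so the value is signed.
const storage = createCookieSessionStorage();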
tsx
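// Signature: createCookieSessionStorage(options?: CookieSessionStorageOptions): SessionStorage
// This bare call only shows the shape of the API. The session data is stored in
// the cookie itself, so real code should pass `cookie.secrets` (as in the Usage
// example on this page) so the value is signed.
const storage = createCookieSessionStorage();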
Usage
Creating a SessionStorage
tsx
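import { createCookieSessionStorage } from 'solid-start';

// Session storage that keeps all session data in a cookie held by the client.
// `cookie` is either a Cookie or the options used to create one automatically
// (CookieParseOptions & CookieSerializeOptions & CookieSignatureOptions & { name?: string }).
const storage = createCookieSessionStorage({
  cookie: {
    // `Secure` attribute (RFC 6265 section 5.2.5); not set by default. When it
    // is set, compliant clients do not send the cookie back without an HTTPS
    // connection, so it is enabled in production only and plain-HTTP
    // development keeps working.
    secure: process.env.NODE_ENV === "production",
    // Secrets used to sign/unsign the cookie value. `cookie.serialize()` always
    // signs with the first entry; `cookie.parse()` may accept any entry, so
    // rotate by adding the new secret at the beginning and keeping older ones
    // until cookies signed with them have expired.
    // SESSION_SECRET should be a long random value supplied by the deployment
    // environment, never committed to the repository.
    // NOTE(review): confirm what happens when SESSION_SECRET is unset; failing
    // at startup is safer than signing with an empty or undefined key.
    // NOTE(review): this page describes signing only, not encryption, so treat
    // the session contents as readable by the client.
    secrets: [process.env.SESSION_SECRET],
    // `SameSite` attribute (draft-ietf-httpbis-rfc6265bis-03 section 4.1.2.7).
    // `true` or 'strict' sets Strict, 'lax' sets Lax, 'none' marks an explicit
    // cross-site cookie, `false` leaves the attribute unset. The attribute is
    // not fully standardized and some clients may ignore it.
    sameSite: "lax",
    // `Path` attribute (RFC 6265 section 5.2.4); without it the "default path" applies.
    path: "/",
    // `Max-Age` in seconds, rounded down to an integer; no maximum age by
    // default. If `expires` is also set, both should point to the same date and
    // time, because not all clients give `maxAge` precedence.
    maxAge: 60 * 60 * 24 * 30, // 30 days
    // `HttpOnly` attribute (RFC 6265 section 5.2.6); not set by default. When
    // set, compliant clients hide the cookie from client-side JavaScript
    // (`document.cookie`).
    httpOnly: true
  }
});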
tsx
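import { createCookieSessionStorage } from 'solid-start';

// Session storage that keeps all session data in a cookie held by the client.
// `cookie` is either a Cookie or the options used to create one automatically
// (CookieParseOptions & CookieSerializeOptions & CookieSignatureOptions & { name?: string }).
const storage = createCookieSessionStorage({
  cookie: {
    // `Secure` attribute (RFC 6265 section 5.2.5); not set by default. When it
    // is set, compliant clients do not send the cookie back without an HTTPS
    // connection, so it is enabled in production only and plain-HTTP
    // development keeps working.
    secure: process.env.NODE_ENV === "production",
    // Secrets used to sign/unsign the cookie value. `cookie.serialize()` always
    // signs with the first entry; `cookie.parse()` may accept any entry, so
    // rotate by adding the new secret at the beginning and keeping older ones
    // until cookies signed with them have expired.
    // SESSION_SECRET should be a long random value supplied by the deployment
    // environment, never committed to the repository.
    // NOTE(review): confirm what happens when SESSION_SECRET is unset; failing
    // at startup is safer than signing with an empty or undefined key.
    // NOTE(review): this page describes signing only, not encryption, so treat
    // the session contents as readable by the client.
    secrets: [process.env.SESSION_SECRET],
    // `SameSite` attribute (draft-ietf-httpbis-rfc6265bis-03 section 4.1.2.7).
    // `true` or 'strict' sets Strict, 'lax' sets Lax, 'none' marks an explicit
    // cross-site cookie, `false` leaves the attribute unset. The attribute is
    // not fully standardized and some clients may ignore it.
    sameSite: "lax",
    // `Path` attribute (RFC 6265 section 5.2.4); without it the "default path" applies.
    path: "/",
    // `Max-Age` in seconds, rounded down to an integer; no maximum age by
    // default. If `expires` is also set, both should point to the same date and
    // time, because not all clients give `maxAge` precedence.
    maxAge: 60 * 60 * 24 * 30, // 30 days
    // `HttpOnly` attribute (RFC 6265 section 5.2.6); not set by default. When
    // set, compliant clients hide the cookie from client-side JavaScript
    // (`document.cookie`).
    httpOnly: true
  }
});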
Reading the session data of the current request
tsx
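/**
 * Reads the `userId` stored in the session cookie sent with `request`.
 *
 * The value comes from a cookie held by the client, so it is only as
 * trustworthy as the signature configured through `cookie.secrets` on `storage`.
 *
 * @param request - Incoming request whose `Cookie` header carries the session.
 * @returns The `userId` stored in the session; presumably undefined when the
 *   request carries no session or no `userId` was set, so check it before
 *   treating the request as authenticated.
 */
async function getUserId(request: Request) {
  const session = await storage.getSession(request.headers.get("Cookie"));
  // Hand the value back; the original snippet read it and then dropped it.
  return session.get("userId");
}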
tsx
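/**
 * Reads the `userId` stored in the session cookie sent with `request`.
 *
 * The value comes from a cookie held by the client, so it is only as
 * trustworthy as the signature configured through `cookie.secrets` on `storage`.
 *
 * @param request - Incoming request whose `Cookie` header carries the session.
 * @returns The `userId` stored in the session; presumably undefined when the
 *   request carries no session or no `userId` was set, so check it before
 *   treating the request as authenticated.
 */
async function getUserId(request: Request) {
  const session = await storage.getSession(request.headers.get("Cookie"));
  // Hand the value back; the original snippet read it and then dropped it.
  return session.get("userId");
}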
Writing the session data for the current request
tsx
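/**
 * Stores `userId` in the session of the current request and builds a response
 * that sends the updated session cookie back to the client.
 *
 * This function trusts `userId` as given: call it only after the caller has
 * verified the user's credentials.
 *
 * @param request - Incoming request whose `Cookie` header carries the session.
 * @param userId - Identifier of the already authenticated user.
 * @returns A response whose `Set-Cookie` header carries the committed session.
 */
async function login(request: Request, userId: string) {
  const session = await storage.getSession(request.headers.get("Cookie"));
  session.set("userId", userId);
  const response = new Response("Logged in", {
    // The cookie must be placed under `headers`; a top-level "Set-Cookie" key
    // in the init object is not a response header.
    headers: {
      "Set-Cookie": await storage.commitSession(session)
    }
  });
  // Return the response, otherwise the new session cookie never reaches the client.
  return response;
}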
tsx
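/**
 * Stores `userId` in the session of the current request and builds a response
 * that sends the updated session cookie back to the client.
 *
 * This function trusts `userId` as given: call it only after the caller has
 * verified the user's credentials.
 *
 * @param request - Incoming request whose `Cookie` header carries the session.
 * @param userId - Identifier of the already authenticated user.
 * @returns A response whose `Set-Cookie` header carries the committed session.
 */
async function login(request: Request, userId: string) {
  const session = await storage.getSession(request.headers.get("Cookie"));
  session.set("userId", userId);
  const response = new Response("Logged in", {
    // The cookie must be placed under `headers`; a top-level "Set-Cookie" key
    // in the init object is not a response header.
    headers: {
      "Set-Cookie": await storage.commitSession(session)
    }
  });
  // Return the response, otherwise the new session cookie never reaches the client.
  return response;
}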
Deleting the session data for the current request
tsx
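import { redirect } from "solid-start";

/**
 * Destroys the session of the current request and redirects to `/login`.
 *
 * NOTE(review): the session data lives in the cookie itself, so this presumably
 * only tells the browser to drop it; confirm whether a previously copied cookie
 * value is still accepted by the server until its signing secret is rotated out.
 *
 * @param request - Incoming request whose `Cookie` header carries the session.
 * @returns A redirect whose `Set-Cookie` header comes from `storage.destroySession`.
 */
async function logout(request: Request) {
  const session = await storage.getSession(request.headers.get("Cookie"));
  return redirect("/login", {
    headers: {
      "Set-Cookie": await storage.destroySession(session)
    }
  });
}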
tsx
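import { redirect } from "solid-start";

/**
 * Destroys the session of the current request and redirects to `/login`.
 *
 * NOTE(review): the session data lives in the cookie itself, so this presumably
 * only tells the browser to drop it; confirm whether a previously copied cookie
 * value is still accepted by the server until its signing secret is rotated out.
 *
 * @param request - Incoming request whose `Cookie` header carries the session.
 * @returns A redirect whose `Set-Cookie` header comes from `storage.destroySession`.
 */
async function logout(request: Request) {
  const session = await storage.getSession(request.headers.get("Cookie"));
  return redirect("/login", {
    headers: {
      "Set-Cookie": await storage.destroySession(session)
    }
  });
}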
Creating a new session
tsx
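/**
 * Creates a new session for a freshly registered user and returns a response
 * that sets the session cookie.
 *
 * `getSession()` is called without the request's `Cookie` header, so the
 * session is not built from whatever cookie the client sent.
 *
 * @param request - Incoming request; not read by this function.
 * @param userId - Identifier of the newly created user, stored as `userId`.
 * @returns A response whose `Set-Cookie` header carries the committed session.
 */
async function signUp(request: Request, userId: string) {
  const session = await storage.getSession();
  session.set("userId", userId);
  return new Response("Signed Up", {
    // The cookie must be placed under `headers`; a top-level "Set-Cookie" key
    // in the init object is not a response header.
    headers: {
      "Set-Cookie": await storage.commitSession(session)
    }
  });
}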
tsx
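/**
 * Creates a new session for a freshly registered user and returns a response
 * that sets the session cookie.
 *
 * `getSession()` is called without the request's `Cookie` header, so the
 * session is not built from whatever cookie the client sent.
 *
 * @param request - Incoming request; not read by this function.
 * @param userId - Identifier of the newly created user, stored as `userId`.
 * @returns A response whose `Set-Cookie` header carries the committed session.
 */
async function signUp(request: Request, userId: string) {
  const session = await storage.getSession();
  session.set("userId", userId);
  return new Response("Signed Up", {
    // The cookie must be placed under `headers`; a top-level "Set-Cookie" key
    // in the init object is not a response header.
    headers: {
      "Set-Cookie": await storage.commitSession(session)
    }
  });
}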