session module
Session middleware for web. Sessions are keyed by a random UUID stored in an HttpOnly cookie; per-session data is a bnl map living in-process. The interface is pluggable — swap the store for one backed by Redis or a database without changing handler code.
import "web" as web;
import "session" as session;
var store = session.create_store(null);
var app = web.app();
app.before(store.before);
app.after (store.after);
app.get("/", function (req) {
var n = req.session.visits;
if (n == null) { n = 0; }
req.session.visits = n + 1;
return "visit " + str(req.session.visits);
});
app.listen({ port: 3000 });
API
| Function | Description |
|---|---|
session.create_store(opts) → store | Build an in-memory store. opts: {cookie_name, max_age, same_site, secure}. |
Store object
| Method | Description |
|---|---|
store.before | App-level middleware: populates req.session. Mount with app.before. |
store.after | App-level middleware: writes req.session back, attaches the session cookie. Mount with app.after. |
store.destroy(req) | Drop the session and arrange for the cookie to be deleted on the next response. |
store.count() → number | Number of sessions currently held. |
Notes
req.sessionis a per-request copy — mutatingreq.session.foo = ...is safe and gets written back at response time.- Defaults: cookie name
bnl_sid,max_age86400s,same_site: "Lax",secure: false(set true behind HTTPS). - For multi-process deployments, write your own store implementing
{before, after}on top of Redis or a DB.