Comments (6)
cc @devjmetivier as for the OverridableOptions question. Thanks.
from iron-session.
Can you provide explanations why we need mergeHeaders and createResponse
These aren't required in the next.js example because we are passing cookies()
there. If we pass something like:
const res = new Response()
getIronSession(req, res, ...)
then cookies are appended to the original res
object. Later if someone wants to, say, specify body based on the session data, they will need something like createResponse(res, { body: 'the user is authenticated' })
.
If we aren't planning on supporting other frameworks, then I guess it's fine to not export them.
from iron-session.
iron-session v8 is live now 👍 https://github.com/vvo/iron-session
from iron-session.
Hey. I see this is closed now, however, for the use case of Overridable Options is that:
We can set our options for our Iron Session object during
- Initiation
const getServerActionSession = async () => {
const session = getServerActionIronSession<IronSessionData>(sessionOptions, cookies())
return session
}
- Function call
.save()
or.destroy()
export const submitCookieToStorageServerAction = async (cookie: string) => {
const session = await getServerActionSession()
session.cookieVariable = cookie
const newCookieOption = { cookieOptions: { maxAge: undefined } }
await session.save(newCookieOption)
}
We need options
for the developer to pass in Cookie options that are different than the defaultOptions
at the time of Iron Session object initiation and/or later at the time of .save()
/.destroy()
function call.
const defaultOptions: Required<OverridableOptions> = {
ttl: fourteenDaysInSeconds,
cookieOptions: { httpOnly: true, secure: true, sameSite: 'lax', path: '/' },
}
function mergeOptions(
userSessionOptions: IronSessionOptions,
overrides?: OverridableOptions,
): Required<IronSessionOptions> {
const options: Required<IronSessionOptions> = {
...defaultOptions,
...userSessionOptions,
...overrides,
cookieOptions: {
...defaultOptions.cookieOptions,
...userSessionOptions.cookieOptions,
...overrides?.cookieOptions,
},
};
We need the type OverridableOptions
to ensure ttl
is passed as our Iron Session core code expects and the cookieOptions
are passed to the Cookie handler as the NextJS cookies() function expects
type OverridableOptions = Pick<IronSessionOptions, "cookieOptions" | "ttl">;
The final type definition for `CookieOptions` ends up to be
`'domain' | 'path' | 'secure' | 'sameSite' | 'name' | 'value' | 'expires' | 'httpOnly' | 'maxAge' | 'priority'`
Note these code examples refer to the codebase before the most recent Friday release changes. Congratulations on the release!
from iron-session.
Thank you @renchris, for the detailed explanation.
Do you have any real-world example in mind for when you would need to update ttl and/or cookie options during a save()? I am not saying they are none but I like to start from the problem (? changing the cookie name, why?) and then move to the solution (save accepts options)
What I have done in the end: I created updateConfig that you can call anytime to update any options:
Line 115 in eb1db40
This should be enough, correct?
from iron-session.
Also @renchris I mentioned you here: https://twitter.com/vvoyer/status/1726521507457986758 👍
from iron-session.
Related Issues (20)
- Package causing multiple response problem HOT 1
- session object empty on Apollo Server API Route
- Can i use iron-session with pages routes ? HOT 1
- Implementing iron-session with TRPC HOT 9
- Session cookie not created when static web app is sitting behind azure front door due to domain mismatch HOT 3
- Static maxAge
- v8 - Attaching session to request HOT 1
- Make properties in T for IronSession<T> optional (union with undefined)
- v6 and Next 13 pages middleware HOT 12
- Migration away from `withIronSessionApiRoute` HOT 3
- await session.save() fails to set cookie if cookies.set() is used after HOT 2
- session returned from `getIronSessionFromCookieStore` does not implement full interface HOT 1
- outdated dependency @types/cookie causes type mismatch HOT 4
- why getIronSession not work in middleware like in example (App router + client components, route handlers, and SWR) HOT 3
- Support the `partitioned` attribute in cookie settings HOT 1
- Discrepancy in documentation of password rotation. HOT 5
- Next.js middleware token rotation issue HOT 3
- Unable to create a session cookie HOT 3
- How to access stored sessions of my users?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iron-session.