NodeJS - Framework for stateless sessions?

Question

Is there a framework to support fully client-managed sessions? In other words, instead of storing just the signed pid in the cookie (as Express does), store all context... so that you can manage state across clusters without the requirement to persist.

Answer 1

There is express middleware which supports this:

https://github.com/expressjs/cookie-session

cookieSession()

Provides cookie-based sessions, and populates req.session. This middleware takes the following options:

• name - cookie name defaulting to "session"
• keys - list of secret keys to prevent tampering
• secret - used as single key if keys are not specified
• options - additional options such as secure, httpOnly, maxAge, etc.

Middleware:

var cookieSession = require('cookie-session')
...
app.use(cookieSession({
    name: "my_session_cookie",
    secret: "dont_tell_anybody_the_secret_and_change_it_often",
    options: { ... }
));

app.use((req, res, next) => {
    // set options on req.session before your response goes out
    req.session.viewCount = (req.session.viewCount || 0) + 1;
    res.end(`You viewed the page ${req.session.viewCount} times.`);
});

To clear a cookie simply assign the session to null before responding:

req.session = null