I am using this module for koajs sessions.
I checked the source code but I really cannot understand it. I am trying to know where it is saving the session data, because I see no files created, and when the server is restarted the session data is still there.
I got the feeling it is saving the data in the cookie itself, then I see it creates two cookies with scrambled text.
Now, is it encoding the data in the cookie itself (unsecure) or is it saving the data on the server in a manner I do not understand yet?
According to this section of code in the koa-session library, the session data is encoded into JSON, then into base64, then attached to a cookie.
Session.prototype.save = function(){
var ctx = this._ctx;
var json = this.toJSON();
var opts = ctx.sessionOptions;
var key = ctx.sessionKey;
// set expire into cookie value
var maxAge = opts.maxAge || ONE_DAY;
json._expire = maxAge + Date.now();
json._maxAge = maxAge;
json = encode(json);
debug('save %s', json);
ctx.cookies.set(key, json, opts); // <-- this is where the session is being saved
};
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With