session
The session extension provides cookie-based sessions with server-side file storage.
API
| Method | Description |
|---|---|
session.start() | Start or resume a session |
session.get(key) | Get a session value |
session.set(key, value) | Set a session value |
session.destroy() | Destroy the session |
Basic Usage
session.start();
// Store data
session.set("user_id", 42);
session.set("username", "Alice");
// Retrieve data
const userId = session.get("user_id"); // 42
const username = session.get("username"); // "Alice"
// Non-existent keys return null
const missing = session.get("foo"); // null
Login Example
if (request.method === "POST") {
const data = JSON.parse(request.body);
const db = sqlite.open("/var/www/data/app.db");
const user = db.queryOne("SELECT * FROM users WHERE email = ? AND password = ?",
[data.email, crypto.sha256(data.password)]);
db.close();
if (user) {
session.start();
session.set("user_id", user.id);
session.set("username", user.name);
response.setStatus(200);
print(JSON.stringify({ success: true }));
} else {
response.setStatus(401);
print(JSON.stringify({ error: "Invalid credentials" }));
}
}
Logout
session.start();
session.destroy();
Auth Guard
session.start();
if (!session.get("user_id")) {
response.setStatus(302);
response.setHeader("Location", "/login");
} else {
print(`<h1>Welcome back, ${session.get("username")}!</h1>`);
}
How It Works
- A
JSCGI_SESSIDcookie is set on the client - Session data is stored as JSON files on the server
- Files are stored in
/tmp/js-cgi_sessions/ - The cookie is HttpOnly and SameSite=Strict by default
session.start()must be called beforeget()orset()