User sessions

The server uses @fastify/secure-session to store user session data as an encrypted, secure, HTTP-only cookie.

Setup

This techniques requires a COOKIE_KEY environment variable. Generate one using the following command:

$ yarn generate-cookie-key

danger

Use a different COOKIE_KEY for each environment, and do not save it in your repository.

In request handlers, access the session data using request.session:

// get session data
request.session.get("myKey");
// set session data
request.session.set("myKey", "myValue");

User access token

For convenience, request a Swan user access token directly using request.accessToken:

const accessToken = request.accessToken;

// user isn't logged in
if (accessToken == undefined) {
  return reply.status(401).send("Unauthorized");
} else {
  // do something with `accessToken`
}

info

Learn more about Swan and access tokens in our main docs.

Setup​

Contents​

User access token​

Setup

Contents

User access token