Skip to main content

User sessions

The server uses @fastify/secure-session to store user session data as an encrypted, secure, HTTP-only cookie.

Setup

This techniques requires a COOKIE_KEY environment variable. Generate one using the following command:

$ yarn generate-cookie-key
danger

Use a different COOKIE_KEY for each environment, and do not save it in your repository.

Contents

In request handlers, access the session data using request.session:

// get session data
request.session.get("myKey");
// set session data
request.session.set("myKey", "myValue");

User access token

For convenience, request a Swan user access token directly using request.accessToken:

const accessToken = request.accessToken;

// user isn't logged in
if (accessToken == undefined) {
return reply.status(401).send("Unauthorized");
} else {
// do something with `accessToken`
}
info

Learn more about Swan and access tokens in our main docs.

🚀 Any questions? Help improve this project and the docs by opening a GitHub discussion.