auth/session_middleware.ts

Hono session boundary — cookie I/O, request-time middleware, and the
session-creation helper shared by login / signup / bootstrap.

Declarations
#

6 declarations

view source

clear_session_cookie
#

auth/session_middleware.ts view source

<T>(c: Context<any, any, {}>, options: SessionOptions<T>): void

Clear the session cookie on a response.

`c`

type Context<any, any, {}>

`options`

type SessionOptions<T>

returns

void

create_session_and_set_cookie
#

auth/session_middleware.ts view source

(options: CreateSessionAndSetCookieOptions): Promise<void>

Create an auth session and set the session cookie on the response.
Shared by login, signup, and bootstrap — generates a token, hashes it,
persists the session row, optionally enforces a per-account session limit,
and sets the signed cookie.

`options`

type CreateSessionAndSetCookieOptions

returns

Promise<void>

create_session_middleware
#

auth/session_middleware.ts view source

<TIdentity>(keyring: Keyring, options: SessionOptions<TIdentity>): MiddlewareHandler

Create session middleware that parses cookies and sets identity on context.
Always sets the identity on context (null when invalid/missing) for type-safe reads.
Uses options.context_key as the Hono context variable name.

`keyring`

key ring for cookie verification

type Keyring

`options`

session configuration

type SessionOptions<TIdentity>

returns

MiddlewareHandler

CreateSessionAndSetCookieOptions
#

auth/session_middleware.ts view source

CreateSessionAndSetCookieOptions

Options for create_session_and_set_cookie.

`keyring`

Keyring for cookie signing.

type Keyring

`deps`

Query deps (needs db for session creation).

type QueryDeps

`c`

Hono context for setting the cookie.

type Context

`account_id`

The account to create a session for.

type string

`session_options`

Session cookie configuration.

type SessionOptions<string>

`max_sessions`

Per-account session cap (null to skip enforcement).

type number | null

get_session_cookie
#

auth/session_middleware.ts view source

<T>(c: Context<any, any, {}>, options: SessionOptions<T>): string | undefined

Read the session cookie value from a request.

`c`

type Context<any, any, {}>

`options`

type SessionOptions<T>

returns

string | undefined

set_session_cookie
#

auth/session_middleware.ts view source

<T>(c: Context<any, any, {}>, value: string, options: SessionOptions<T>): void

Set the session cookie on a response.
options.max_age is the single source of truth for cookie lifetime: it
drives both the embedded expires_at (via create_session_cookie_value)
and the cookie's HTTP Max-Age attribute set here. Falls back to
SESSION_COOKIE_OPTIONS.maxAge (= SESSION_AGE_MAX) when unset.
options.cookie_options cannot carry maxAge (omitted in the type) so
the two values can't drift.

`c`

type Context<any, any, {}>

`value`

type string

`options`

type SessionOptions<T>

returns

void

auth/session_middleware.ts

Declarations
#

clear_session_cookie
#

`c`

`options`

returns

create_session_and_set_cookie
#

`options`

returns

create_session_middleware
#

`keyring`

`options`

returns

CreateSessionAndSetCookieOptions
#

`keyring`

`deps`

`c`

`account_id`

`session_options`

`max_sessions`

get_session_cookie
#

`c`

`options`

returns

set_session_cookie
#

`c`

`value`

`options`

returns

Depends on
#

Imported by
#