DEVHIDE
Login Or Sign up

How to implement iron-session with session id

1.4k Views Asked by At

I am using iron-session, next-connect with nextjs in our webapp and one of the requirements is to publish analytics events from our frontend code, like page views, button clicks and other custom events. These events are stored in our database and used by our data analyst with PowerBI.

Our webapp takes a user on an onboarding journey, then once it's done, we create an account for the user and redirects to dashboard. For the onboarding part, we don't have a user id yet while in the dashboard, we already do. However, we want to be able to track the user journey in the webapp so we need an identifier that is persisted throughout the whole journey. Thus, we think of a session id with the iron-session.

Now iron-session doesn't have a concept of session id, so I am trying to implement it myself. The session id will be our identifier of the user in our events table.

Here is the withSession middleware used with next-connect

import { getIronSession } from "iron-session";
import type { IncomingMessage } from "http";
import type { NextApiRequest } from "next";
import { nanoid } from "nanoid";

import appConfig from "@/backend/app.config";

export const sessionOptions = {
  password: appConfig.secret,
  cookieName: appConfig.cookies.sessionToken.name,
  cookieOptions: appConfig.cookies.sessionToken.options,
};

export async function withSession(
  req: IncomingMessage | NextApiRequest,
  res: any,
  next: any
) {
  const session = await getIronSession(req, res, sessionOptions);
  if (!session.id) session.id = nanoid(32);
  req.session = session;
  await req.session.save();
  return next();
}

declare module "iron-session" {
  interface IronSessionData {
    user?: { id: string };
    id: string;
  }
}

And a route that will use the middleware

const router = createRouter<NextApiRequest, NextApiResponse>()
  .use(...([withSession, withLogger, withTenant] as const))
  .get(async (req, res) => {
    // Authenticate user
    req.session.user = { id: userId };
    await req.session.save();
    return res.redirect("/");
  });

export default router.handler();
  • Is this a correct implementation of the said requirement?
  • Some libraries implement a kind of session.regenerate() when a user perform signIn and signOut. Do I need to implement it too? If I do, I will lose the identifier that persists throughout the whole user journey.
next.js session-cookies next-connect
Original Q&A
1

There are 1 best solutions below

0
On

  • since you are using typescript first define the type of session object

    declare module "iron-session" {
  interface IronSessionData {
    nameOfSessionObject?: {
       // in your implementation you were creating req.user and req.id
       // you could overwrite the req properties
       user?: { id: string };
       // you can manually create on the server
       id: string;
  };
 }
}

  • create a wrapper session function

        export function withSession(handler: any) {
      return withIronSessionApiRoute(handler, {
        password: appConfig.secret,
        cookieName: appConfig.cookies.sessionToken.name,
        //  Said in another way, the browser will not send a cookie with the secure attribute set over an unencrypted HTTP request
        cookieOptions: appConfig.cookies.sessionToken.options,
    })}

  • create the session object. you do not use getIronSession when creating a session.

you need that when you need to access to the session object in middleware

export default withSessio(
  async (req: NextApiRequest, res: NextApiResponse) => {
    if (req.method === "GET") {
      try {
        const sessionObj={....}
        req.session.nameOfSessionObject={...sessionObj}
        await req.session.save();
        // whatever you want to return
        return res.json(sessionObj);
      } catch (error) {
        console.error("error in verify post req", error);
        // 422 Unprocessable Entity
        res.status(422).send({ message: "Cannot create SESSION" });
      }
    } else if (req.method === "POST") {
    
      try {
         ..HANDLE POST HERE
      } catch (error) {
        res.status(422).send({ message: "Cannot generate a SESSION" });
      }
    } else {
      return res.status(200).json({ message: "Invalid api Route" });
    }
  }
);
  • now you can import above handler and connect with next-connect

Related Questions in NEXT.JS

Related Questions in SESSION-COOKIES

Related Questions in NEXT-CONNECT

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.