nuxt-auth-utils
nuxt-auth-utils copied to clipboard
Atinux
feat: add server side session storage
This PR adds a server side storage option for sessions using useStorage.
The default behavior after this PR is still the same as before (using cookie as storageType which is the default)
export default defineNuxtConfig({
modules: ['nuxt-auth-utils'],
auth: {
storageType: 'cookie', // 'memory', 'cache', 'nuxt-session'
}
})
but now the storageType can be memory, cache or nuxt-session as well, where nuxt-session is a nitro storage mount point that can be defined in the nuxt.config.ts.
The 'non-cookie' storageTypes allow two more configs:
auth: {
sessionInactivityMaxAge: 60 * 60 * 24 * 30, // Session timeout after inactivity (30 days)
autoExtendSession: true // Extend session on each request
},
The sessionInactivityMaxAge is used to determine orphaned sessions that can be deleted with cleanupOrphanedUserSessions, which can run in a scheduled nitro task (unfortunately not on the edge) or in a server middleware or a specific route.
The session data is not encrypted to the server which can be discussed as the stored data is obvious at least in transfer to the server side anyway.
What this PR can not do, is determining multiple sessions of one user as this would need a server side user id, independent from the auth provider used (since one user could have multiple different providers).
I did not forget, will have a deeper look next week as I want to be confident with the API changes.
I did not forget, was running low on bandwidth to properly review it, but it's in my list!
Hi, when will this be implemented? We can help in some way to accelerate the process? I would like to have these functionalities.
