Merge pull request #30 from jfromaniello/prevent_unnecesary_saves

feat: prevent unnecessary cookie overwrites and add manual session touch

Author: jcs224

README.md

@@ -93,6 +93,14 @@ app.get('/', async (c, next) => {
   return c.html(`<h1>You have visited this page ${ session.get('counter') } times</h1>`)
 })
 
+app.get('/read', (c) => {
+  const session = c.get('session')
+  session.touch() // Update the session expiration time
+  return c.json({
+    counter: session.get('counter')
+  })
+})
+
 Deno.serve(app.fetch)
 ```
 

deno.lock

@@ -2,4 +2,5 @@ export type { Context, MiddlewareHandler } from 'npm:hono@^4.0.0'
 export { createMiddleware } from 'npm:hono@^4.0.0/factory'
 export { getCookie, setCookie } from 'npm:hono@^4.0.0/cookie'
 export type { CookieOptions } from 'npm:hono@^4.0.0/utils/cookie'
-export * as Iron from 'npm:iron-webcrypto@^1.2.1'
+export * as Iron from 'npm:iron-webcrypto@^1.2.1'
+export { default as hash } from 'npm:hash-object@^5'

deps.ts

@@ -29,7 +29,7 @@ await build({
     },
     bugs: {
       url: "https://github.com/jcs224/hono_sessions/issues",
-    },
+    }
   },
   // typeCheck: false,
   // scriptModule: false,
@@ -42,4 +42,4 @@ await build({
 // post build steps
 Deno.copyFileSync("LICENSE", "npm/LICENSE");
 Deno.copyFileSync("README.md", "npm/README.md");
-Deno.copyFileSync("extras/.npmignore", "npm/.npmignore")
+Deno.copyFileSync("extras/.npmignore", "npm/.npmignore")

scripts/build_npm.ts

@@ -11,6 +11,7 @@ export function sessionMiddleware(options: SessionOptions): MiddlewareHandler {
   const expireAfterSeconds = options.expireAfterSeconds
   const cookieOptions = options.cookieOptions
   const sessionCookieName = options.sessionCookieName || 'session'
+  const autoExtendExpiration = options.autoExtendExpiration ?? false
 
   if (options.encryptionKey !== undefined) {
     if (typeof options.encryptionKey === 'function') {
@@ -37,7 +38,7 @@ export function sessionMiddleware(options: SessionOptions): MiddlewareHandler {
   }
 
   const middleware = createMiddleware(async (c, next) => {
-    const session = new Session
+    const session = new Session(expireAfterSeconds)
     let sid = ''
     let session_data: SessionData | null | undefined
     let createNewSession = false
@@ -65,7 +66,9 @@ export function sessionMiddleware(options: SessionOptions): MiddlewareHandler {
         session.setCache(session_data)
 
         if (session.sessionValid()) {
-          session.reupSession(expireAfterSeconds)
+          if (autoExtendExpiration) {
+            session.reupSession()
+          }
         } else {
           store instanceof CookieStore ? await store.deleteSession(c) : await store.deleteSession(sid)
           createNewSession = true
@@ -93,19 +96,25 @@ export function sessionMiddleware(options: SessionOptions): MiddlewareHandler {
         await store.createSession(sid, defaultData)
       }
 
-      session.setCache(defaultData)
+      session.setCache(defaultData, true)
     }
 
     if (!(store instanceof CookieStore)) {
       setCookie(c, sessionCookieName, encryptionKey ? await encrypt(encryptionKey, sid) : sid, cookieOptions)
     }
 
-    session.updateAccess()
+    if (autoExtendExpiration) {
+      session.updateAccess()
+    }
 
     c.set('session', session)
 
     await next()
 
+    if (session.isStale()) {
+      session.touch()
+    }
+
     const shouldDelete = session.getCache()._delete;
     const shouldRotateSessionKey = c.get("session_key_rotation") === true;
     const storeIsCookieStore = store instanceof CookieStore;
@@ -146,7 +155,8 @@ export function sessionMiddleware(options: SessionOptions): MiddlewareHandler {
      */
     const shouldPersistSession =
       !shouldDelete &&
-      (!shouldRotateSessionKey || storeIsCookieStore);
+      (!shouldRotateSessionKey || storeIsCookieStore) &&
+      session.isStale();
 
     if (shouldPersistSession) {
       store instanceof CookieStore

src/Middleware.ts

@@ -1,3 +1,5 @@
+import { hash } from '../deps.ts'
+
 interface SessionDataEntry<T> {
   value: T,
   flash: boolean
@@ -14,8 +16,11 @@ export interface SessionData<T = any> {
 export class Session<T = any> {
 
   private cache: SessionData<T>
+  private expiration: number | undefined
+  private hash: string | null = null
 
-  constructor() {
+  constructor(expiration?: number) {
+    this.expiration = expiration
     this.cache = {
       _data: {},
       _expire: null,
@@ -24,10 +29,15 @@ export class Session<T = any> {
     }
   }
 
-  setCache(cache_data: SessionData<T>) {
+  setCache(cache_data: SessionData<T>, isNew: boolean = false) {
+    this.hash = !isNew ? hash(cache_data) : null
     this.cache = cache_data
   }
 
+  isStale(): boolean {
+    return !this.hash || this.hash !== hash(this.cache)
+  }
+
   getCache(): SessionData<T> {
     return this.cache
   }
@@ -36,12 +46,23 @@ export class Session<T = any> {
     this.cache._expire = expiration
   }
 
-  reupSession(expiration: number | null | undefined) {
-    if (expiration) {
-      this.setExpiration(new Date(Date.now() + expiration * 1000).toISOString())
+  /**
+   * Extend expiration
+   */
+  reupSession() {
+    if (this.expiration) {
+      this.setExpiration(new Date(Date.now() + this.expiration * 1000).toISOString())
     }
   }
 
+  /**
+   * Extend session expiration and update access time
+   */
+  touch() {
+    this.reupSession()
+    this.updateAccess()
+  }
+
   deleteSession() {
     this.cache._delete = true
   }
@@ -50,6 +71,9 @@ export class Session<T = any> {
     return this.cache._expire == null || Date.now() < new Date(this.cache._expire).getTime()
   }
 
+  /**
+   * Update the last accessed time
+   */
   updateAccess() {
     this.cache._accessed = new Date().toISOString()
   }

src/Session.ts

@@ -7,5 +7,6 @@ export default interface SessionOptions {
   encryptionKey?: string | (() => string),
   expireAfterSeconds?: number,
   cookieOptions?: CookieOptions,
-  sessionCookieName?: string
-}
+  sessionCookieName?: string,
+  autoExtendExpiration?: boolean
+}