Module middleware/session

This module provides middleware for HTTP sessions.

It adds a session property to the request object that allows to store arbitrary data on on a per-visitor basis.

The default session implementation is based on Java Servlet sessions. This can be overridden by setting the app.session.impl property to an alternative session constructor.

app.session.impl = MySession;

The session constructor will be called with the request object as only argument when the session is first accessed.



ServletSession (request)


null request

ServletSession.prototype. creationTime

Createtime of the current session.

ServletSession.prototype. data

A container for things to store in this session between requests.

ServletSession.prototype. invalidate ()

Destroys the current session and any data bound to it.

ServletSession.prototype. isNew

True if this session was created in the current request. This can be useful to find out if the client has cookies disabled for cookie-based sessions.

ServletSession.prototype. lastAccessedTime

Time in Unix epoch milliseconds since the last client access.

ServletSession.prototype. maxInactiveInterval

A time interval in seconds, which the session will be open. If the interval is exceeded, the session gets invalidated.

ServletSession.prototype. volatile

A volatile property which survives a HTTP redirect and can be used for warnings or error messages in forms. After a requests was handled, the property is reset to null.

middleware (next, app)

This middleware provides support for anonymous user sessions.


Function next

the wrapped middleware chain

Object app

the Stick Application object



a JSGI middleware function


A session object for the current request. If no session exists a new one will be created.