connect-redis provides Redis session storage for Express.
connect-redis requires express-session
to installed and one of the following compatible Redis clients:
Install with redis
:
npm install redis connect-redis express-session
Install with ioredis
:
npm install ioredis connect-redis express-session
connect-redis supports both CommonJS (require
) and ESM (import
) modules.
Import using ESM/Typescript:
import {RedisStore} from "connect-redis"
Require using CommonJS:
const {RedisStore} = require("connect-redis")
Full setup using redis
package:
import {RedisStore} from "connect-redis"
import session from "express-session"
import {createClient} from "redis"
// Initialize client.
let redisClient = createClient()
redisClient.connect().catch(console.error)
// Initialize store.
let redisStore = new RedisStore({
client: redisClient,
prefix: "myapp:",
})
// Initialize session storage.
app.use(
session({
store: redisStore,
resave: false, // required: force lightweight session keep alive (touch)
saveUninitialized: false, // recommended: only save session when data exists
secret: "keyboard cat",
}),
)
An instance of redis
or ioredis
.
Key prefix in Redis (default: sess:
).
Note: This prefix appends to whatever prefix you may have set on the client
itself.
Note: You may need unique prefixes for different applications sharing the same Redis instance. This limits bulk commands exposed in express-session
(like length
, all
, keys
, and clear
) to a single application's data.
If the session cookie has a expires
date, connect-redis
will use it as the TTL.
Otherwise, it will expire the session using the ttl
option (default: 86400
seconds or one day).
interface RedisStoreOptions {
...
ttl?: number | {(sess: SessionData): number}
}
ttl
also has external callback support. You can use it for dynamic TTL generation. It has access to session
data.
Note: The TTL is reset every time a user interacts with the server. You can disable this behavior in some instances by using disableTouch
.
Note: express-session
does not update expires
until the end of the request life cycle. Calling session.save()
manually beforehand will have the previous value.
Disables resetting the TTL when using touch
(default: false
)
The express-session
package uses touch
to signal to the store that the user has interacted with the session but hasn't changed anything in its data. Typically, this helps keep the users session alive if session changes are infrequent but you may want to disable it to cut down the extra calls or to prevent users from keeping sessions open too long. Also consider enabling if you store a lot of data on the session.
Ref: https://github.com/expressjs/session#storetouchsid-session-callback
Disables key expiration completely (default: false
)
This option disables key expiration requiring the user to manually manage key cleanup outside of connect-redis
. Only use if you know what you are doing and have an exceptional case where you need to manage your own expiration in Redis.
Note: This has no effect on express-session
setting cookie expiration.
Provide a custom encoder/decoder to use when storing and retrieving session data from Redis (default: JSON.parse
and JSON.stringify
).
Optionally parse
method can be async if need be.
interface Serializer {
parse(string): object | Promise<object>
stringify(object): string
}
Value used for count parameter in Redis SCAN
command. Used for ids()
and all()
methods (default: 100
).