@radzor/session-manager

Server-side session management with pluggable stores (memory, Redis, PostgreSQL). Handles session creation, rotation, expiry, and signed cookie generation. Framework-agnostic.

Authenticationv0.1.0typescriptpythonServersessionauthcookieredisstoresecurityby Radzor

Install

View source on GitHub →

$npx radzor@latest add session-manager

⚠ Constraints: Memory store loses all sessions on restart — use redis or postgres for production. Set secure: false only in local development. Always use HTTPS in production to prevent session hijacking.

Inputs

Name	Type	Default	Description
store	'memory' \| 'redis' \| 'postgres'	memory	Backing store for session data.
connection	string	—	Redis URL or PostgreSQL connection string. Required for redis and postgres stores.
secret*	string	—	Secret for signing session cookies (HMAC-SHA256).SESSION_SECRET
ttl	number	86400	Session lifetime in seconds (default: 24 hours).
cookieName	string	sid	Name of the session cookie.
secure	boolean	true	Set Secure flag on cookie (HTTPS only). Disable in development.

{ "llm": { "constraints": "Memory store loses all sessions on restart — use redis or postgres for production. Set secure: false only in local development. Always use HTTPS in production to prevent session hijacking.", "usageExamples": "llm/examples.md", "integrationPrompt": "llm/integration.md" }, "name": "@radzor/session-manager", "tags": [ "session", "auth", "cookie", "redis", "store", "security" ], "events": [ { "name": "onCreated", "payload": { "userId": "string", "sessionId": "string" }, "description": "Fired when a new session is created." }, { "name": "onDestroyed", "payload": { "sessionId": "string" }, "description": "Fired when a session is explicitly destroyed." }, { "name": "onExpired", "payload": { "sessionId": "string" }, "description": "Fired when a session expires." }, { "name": "onError", "payload": { "code": "string", "message": "string" }, "description": "Fired on store read/write errors." } ], "inputs": [ { "name": "store", "type": "'memory' | 'redis' | 'postgres'", "default": "memory", "required": false, "description": "Backing store for session data." }, { "name": "connection", "type": "string", "required": false, "description": "Redis URL or PostgreSQL connection string. Required for redis and postgres stores." }, { "name": "secret", "type": "string", "envVar": "SESSION_SECRET", "required": true, "description": "Secret for signing session cookies (HMAC-SHA256)." }, { "name": "ttl", "type": "number", "default": 86400, "required": false, "description": "Session lifetime in seconds (default: 24 hours)." }, { "name": "cookieName", "type": "string", "default": "sid", "required": false, "description": "Name of the session cookie." }, { "name": "secure", "type": "boolean", "default": true, "required": false, "description": "Set Secure flag on cookie (HTTPS only). Disable in development." } ], "radzor": "1.0.0", "actions": [ { "name": "create", "params": [ { "name": "data", "type": "Record<string, unknown>", "description": "Initial session payload (e.g. { userId, role })." } ], "returns": "Promise<{ sessionId: string; cookie: string }>", "description": "Create a new session and return its ID and signed cookie value." }, { "name": "get", "params": [ { "name": "sessionId", "type": "string", "description": "Session ID to retrieve." } ], "returns": "Promise<Record<string, unknown> | null>", "description": "Retrieve session data by ID. Returns null if expired or not found." }, { "name": "set", "params": [ { "name": "sessionId", "type": "string", "description": "Session ID to update." }, { "name": "data", "type": "Record<string, unknown>", "description": "Updated session payload (merged)." } ], "returns": "Promise<void>", "description": "Update session data and reset its TTL." }, { "name": "destroy", "params": [ { "name": "sessionId", "type": "string", "description": "Session ID to invalidate." } ], "returns": "Promise<void>", "description": "Destroy a session immediately." }, { "name": "parseCookie", "params": [ { "name": "cookieHeader", "type": "string", "description": "Raw Cookie header from the request." } ], "returns": "string | null", "description": "Extract and verify the session ID from a Cookie header." } ], "outputs": [ { "name": "sessionData", "type": "Record<string, unknown>", "description": "Session payload associated with the session ID." }, { "name": "sessionId", "type": "string", "description": "Opaque session identifier." } ], "runtime": "server", "version": "0.1.0", "category": "auth", "languages": [ "typescript", "python" ], "description": "Server-side session management with pluggable stores (memory, Redis, PostgreSQL). Handles session creation, rotation, expiry, and signed cookie generation. Framework-agnostic.", "dependencies": { "packages": {} }, "composability": { "connectsTo": [ { "event": "onCreated", "description": "Track new sessions for analytics", "compatibleWith": [ "@radzor/event-tracker.action.track.eventName", "@radzor/log-aggregator.action.info.message" ] }, { "event": "onExpired", "description": "Log session expirations", "compatibleWith": [ "@radzor/log-aggregator.action.info.message" ] } ] } }

@radzor/session-manager

Install

Inputs

Outputs

Actions

Events

Composability

radzor.manifest.json

Version History

Name	Type	Description
sessionData	Record<string, unknown>	Session payload associated with the session ID.
sessionId	string	Opaque session identifier.