Commit

Merge pull request from GHSA-2ccf-ffrj-m4qw
Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Signed-off-by: Matteo Collina <hello@matteocollina.com>
Co-authored-by: Matteo Collina <hello@matteocollina.com>
RafaelGSS and mcollina authored Apr 20, 2023
1 parent 43c82c3 commit 07c90fe
Showing 10 changed files with 396 additions and 13,020 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -79,6 +79,11 @@ server.register(fastifyPassport.secureSession())
fastifyPassport.use('test', new SomePassportStrategy()) // you'd probably use some passport strategy from npm here
```

## Session cleanup on logIn

For security reasons the session is cleaned after login. You can manage this configuration at your own risk by using
`clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])`

## Difference between `@fastify/secure-session` and `@fastify/session`
`@fastify/secure-session` and `@fastify/session` are both session plugins for Fastify which are capable of encrypting/decrypting the session. The main difference is that `@fastify/secure-session` uses the stateless approach and stores the whole session in an encrypted cookie whereas `@fastify/session` uses the stateful approach for sessions and stores them in a session store.
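
Review bot: The new "Session cleanup on logIn" section says the session is cleaned "for security reasons" and that changing this is "at your own risk", but it never names the risk or shows where the two options are passed. Suggest stating in one sentence what clearing the session at login protects against, showing where `clearSessionOnLogin` and `clearSessionIgnoreFields` are set, and spelling out what "ignore" means for `clearSessionIgnoreFields` (presumably the listed fields are kept when the session is cleared; the text should say so). Two smaller points: the defaults sit inside the code spans, as in `clearSessionOnLogin (default: true)`, so they read as part of the identifier and should move outside the backticks; and the heading spells "logIn" while the body and the option name use "login"/"Login", so pick one form.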
