H
Hono5mo ago
andystevenson

hono-sessions not sharing state between routes.

Hi was just working through hello world login/logout scenario but cannot seem to get the state shared between different routes created in separate files?
6 Replies
Nico
Nico5mo ago
Can you post any code of what your tried so we can see
andystevenson
andystevenson5mo ago
import { serveStatic } from 'hono/bun'
import { logger } from 'hono/logger'
import { cors } from 'hono/cors'
import { type WithSession, Hono, sessionMiddleware, store } from './Hono'

import home from './pages/home'
import login from './routes/login'
import logout from './routes/logout'
import auth from './routes/auth'

const app = new Hono<WithSession>()

app.use(
  '*',
  sessionMiddleware({
    store,
    encryptionKey: Bun.env.SAGE_SESSION_ENCRYPTION_KEY,
    // Required for CookieStore, recommended for others
    expireAfterSeconds: 15 * 60, // Expire session after 15 minutes of inactivity
    cookieOptions: {
      sameSite: 'Lax', // Recommended for basic CSRF protection in modern browsers
      path: '/', // Required for this library to work properly
      httpOnly: true, // Recommended to avoid XSS attacks
    },
  }),
)
app.use(logger())
app.use(cors())
app.use('/*', serveStatic({ root: './src/public' }))

app.route('/', home)
app.route('/login', login)
app.route('/logout', logout)
app.route('/auth', auth)

export default app
import { serveStatic } from 'hono/bun'
import { logger } from 'hono/logger'
import { cors } from 'hono/cors'
import { type WithSession, Hono, sessionMiddleware, store } from './Hono'

import home from './pages/home'
import login from './routes/login'
import logout from './routes/logout'
import auth from './routes/auth'

const app = new Hono<WithSession>()

app.use(
  '*',
  sessionMiddleware({
    store,
    encryptionKey: Bun.env.SAGE_SESSION_ENCRYPTION_KEY,
    // Required for CookieStore, recommended for others
    expireAfterSeconds: 15 * 60, // Expire session after 15 minutes of inactivity
    cookieOptions: {
      sameSite: 'Lax', // Recommended for basic CSRF protection in modern browsers
      path: '/', // Required for this library to work properly
      httpOnly: true, // Recommended to avoid XSS attacks
    },
  }),
)
app.use(logger())
app.use(cors())
app.use('/*', serveStatic({ root: './src/public' }))

app.route('/', home)
app.route('/login', login)
app.route('/logout', logout)
app.route('/auth', auth)

export default app
`export type WithSession = {
  Variables: {
    session: Session
    session_key_rotation: boolean
  }
}
`export type WithSession = {
  Variables: {
    session: Session
    session_key_rotation: boolean
  }
}
Basically whatever is written to c.get('session').set('something') is not seen by the other routes on redirect.
Nico
Nico5mo ago
c.set/get only work between a single route and it’s middleware. Every request made to the server resets all the state. That includes a redirect, that is done by the browser meaning it is a new request
andystevenson
andystevenson5mo ago
Oh ... right. I though the sessionMiddleware would store state on all '*' routes?
Nico
Nico5mo ago
So the middleware will share to all routes. But each route after a return is made and final middleware is ran, context variables are reset. Then they will be created again when that middleware runs
andystevenson
andystevenson5mo ago
Ok thanks for the help
Want results from more Discord servers?
Add your server