Hono•8mo ago

hono-sessions not sharing state between routes.

Hi was just working through hello world login/logout scenario but cannot seem to get the state shared between different routes created in separate files?

6 Replies

Nico•8mo ago

Can you post any code of what your tried so we can see

andystevensonOP•8mo ago

import { serveStatic } from 'hono/bun'
import { logger } from 'hono/logger'
import { cors } from 'hono/cors'
import { type WithSession, Hono, sessionMiddleware, store } from './Hono'

import home from './pages/home'
import login from './routes/login'
import logout from './routes/logout'
import auth from './routes/auth'

const app = new Hono<WithSession>()

app.use(
  '*',
  sessionMiddleware({
    store,
    encryptionKey: Bun.env.SAGE_SESSION_ENCRYPTION_KEY,
    // Required for CookieStore, recommended for others
    expireAfterSeconds: 15 * 60, // Expire session after 15 minutes of inactivity
    cookieOptions: {
      sameSite: 'Lax', // Recommended for basic CSRF protection in modern browsers
      path: '/', // Required for this library to work properly
      httpOnly: true, // Recommended to avoid XSS attacks
    },
  }),
)
app.use(logger())
app.use(cors())
app.use('/*', serveStatic({ root: './src/public' }))

app.route('/', home)
app.route('/login', login)
app.route('/logout', logout)
app.route('/auth', auth)

export default app

import { serveStatic } from 'hono/bun'
import { logger } from 'hono/logger'
import { cors } from 'hono/cors'
import { type WithSession, Hono, sessionMiddleware, store } from './Hono'

import home from './pages/home'
import login from './routes/login'
import logout from './routes/logout'
import auth from './routes/auth'

const app = new Hono<WithSession>()

app.use(
  '*',
  sessionMiddleware({
    store,
    encryptionKey: Bun.env.SAGE_SESSION_ENCRYPTION_KEY,
    // Required for CookieStore, recommended for others
    expireAfterSeconds: 15 * 60, // Expire session after 15 minutes of inactivity
    cookieOptions: {
      sameSite: 'Lax', // Recommended for basic CSRF protection in modern browsers
      path: '/', // Required for this library to work properly
      httpOnly: true, // Recommended to avoid XSS attacks
    },
  }),
)
app.use(logger())
app.use(cors())
app.use('/*', serveStatic({ root: './src/public' }))

app.route('/', home)
app.route('/login', login)
app.route('/logout', logout)
app.route('/auth', auth)

export default app

`export type WithSession = {
  Variables: {
    session: Session
    session_key_rotation: boolean
  }
}

`export type WithSession = {
  Variables: {
    session: Session
    session_key_rotation: boolean
  }
}

Basically whatever is written to c.get('session').set('something') is not seen by the other routes on redirect.

Nico•8mo ago

c.set/get only work between a single route and it’s middleware. Every request made to the server resets all the state. That includes a redirect, that is done by the browser meaning it is a new request

andystevensonOP•8mo ago

Oh ... right. I though the sessionMiddleware would store state on all '*' routes?

Nico•8mo ago

So the middleware will share to all routes. But each route after a return is made and final middleware is ran, context variables are reset. Then they will be created again when that middleware runs

andystevensonOP•8mo ago

Ok thanks for the help

Gaming

Programming

hono-sessions not sharing state between routes.

Did you find this page helpful?