Site Home
Guides
LoginTry for Free
Start typing to search…

Add Session Middleware

Set up session middleware to manage your application's authenticated sessions.

To manage the user's authenticated state, you'll need to add Wristband's session middleware to your application. This middleware attaches a req.session object to each incoming request, which stores information about the authenticated user. The session data is securely stored in an encrypted cookie, and on subsequent requests, the middleware automatically decrypts the cookie and restores the session state.

Configure Session Middleware

To enable session management, add the Wristband SDK’s session middleware to your Express application via the createWristbandSession() function. You'll need to provide a secret (at least 32 characters long) for the secrets value. You can generate a secure secret using 1Password's password generator .

⚙️

Disabling Secure Session Cookies in Local Development

By default, session cookies are marked as secure, meaning they are only sent over HTTPS connections. Most browsers make an exception for localhost and allow secure cookies to be sent over HTTP (e.g., http://localhost). However, some browsers, such as Safari, enforce stricter rules and never send secure cookies over HTTP, even for localhost.

If you need to disable the secure flag for local development, set secure: false in createWristbandSession. However, be sure to restore secure: true in production to protect session data.

// src/app.ts

import express from 'express';
import { createWristbandSession } from '@wristband/express-auth/session';

const app = express();

// Initialize the session middleware for encrypted, cookie-based sessions.
app.use(
  createWristbandSession({
    secrets: '<your-generated-secret>',
  })
);

// Your other application setup...
// src/app.ts

import express from 'express';
import { createWristbandSession } from '@wristband/express-auth/session';

const app = express();

// Initialize the session middleware for encrypted, cookie-based sessions.
app.use(
  createWristbandSession({
    secrets: '<your-generated-secret>',
    secure: false,
  })
);

// Your other application setup...

Updated 3 days ago

What’s Next

Next, you'll use the Wristband SDK to create the necessary authentication endpoints in your Express server.