1 let XDate = require('xdate')
2 let cookie = require('cookie')
3 let crypto = require('crypto')
5 return async (env, transaction) => {
6 let cookies = cookie.parse(env.request.headers.cookie || '')
10 await transaction.get({})
13 let session_key, session, expires = new XDate(now)
15 Object.prototype.hasOwnProperty.call(cookies, 'session_key') &&
17 session = await sessions.get(session_key = cookies.session_key)
19 now < await session.get('expires', 0)
21 // if session key is already in database, we know the requester supports
22 // cookies, therefore each access extends the session expiry by 1 month
25 // first request for session, maybe a bot, retain session for only 1 day
28 session_key = crypto.randomBytes(16).toString('hex')
29 } while (sessions.has(session_key))
30 session = transaction.LazyObject()
31 sessions.set(session_key, session)
34 await session.set('expires', expires.getTime())
36 env.response.setHeader(
38 `session_key=${session_key}; expires=${expires.toUTCString()}; path=/;`
40 env.session_key = session_key