mirror of
https://github.com/strapi/strapi.git
synced 2025-10-31 01:47:13 +00:00
47 lines
1.0 KiB
Markdown
47 lines
1.0 KiB
Markdown
|
# Sessions
|
||
|
|
|
||
|
|
Since HTTP driven applications are stateless, sessions provide a way to store information
|
||
|
|
about the user across requests.
|
||
|
|
|
||
|
|
Strapi provides "guest" sessions, meaning any visitor will have a session,
|
||
|
|
authenticated or not. If a session is new a `Set-Cookie` will be produced regardless
|
||
|
|
of populating the session.
|
||
|
|
|
||
|
|
Strapi only supports cookie sessions, for now.
|
||
|
|
|
||
|
|
The current session is available in `this.session` inside a controller action.
|
||
|
|
|
||
|
|
```js
|
||
|
|
module.exports = {
|
||
|
|
find: function *() {
|
||
|
|
|
||
|
|
// Limit request rate to 100
|
||
|
|
if (this.session.views < 100) {
|
||
|
|
try {
|
||
|
|
this.session.views++;
|
||
|
|
this.body = yield Post.find(this.params);
|
||
|
|
} catch (error) {
|
||
|
|
this.body = error;
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
this.body = 'You have reached your request rate limit';
|
||
|
|
}
|
||
|
|
}
|
||
|
|
};
|
||
|
|
```
|
||
|
|
|
||
|
|
To destroy an active session, simply set it to `null`:
|
||
|
|
|
||
|
|
```js
|
||
|
|
module.exports = {
|
||
|
|
logout: function () {
|
||
|
|
try {
|
||
|
|
this.session = null;
|
||
|
|
this.redirect('./');
|
||
|
|
} catch (error) {
|
||
|
|
this.body = error;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
};
|
||
|
|
```
|