session-management

Implement secure session management systems with JWT tokens, session storage, token refresh, logout handling, and CSRF protection. Use when managing user authentication state, handling token lifecycle, and securing sessions.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "session-management" with this command: npx skills add aj-geddes/useful-ai-prompts/aj-geddes-useful-ai-prompts-session-management

Session Management

Table of Contents

Overview

Implement comprehensive session management systems with secure token handling, session persistence, token refresh mechanisms, proper logout procedures, and CSRF protection across different backend frameworks.

When to Use

  • Implementing user authentication systems
  • Managing session state and user context
  • Handling JWT token refresh cycles
  • Implementing logout functionality
  • Protecting against CSRF attacks
  • Managing session expiration and cleanup

Quick Start

Minimal working example:

# Python/Flask Example
from flask import current_app
from datetime import datetime, timedelta
import jwt
import os

class TokenManager:
    def __init__(self, secret_key=None):
        self.secret_key = secret_key or os.getenv('JWT_SECRET')
        self.algorithm = 'HS256'
        self.access_token_expires_hours = 1
        self.refresh_token_expires_days = 7

    def generate_tokens(self, user_id, email, role='user'):
        """Generate both access and refresh tokens"""
        now = datetime.utcnow()

        # Access token
        access_payload = {
            'user_id': user_id,
            'email': email,
            'role': role,
            'type': 'access',
            'iat': now,
            'exp': now + timedelta(hours=self.access_token_expires_hours)
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

GuideContents
JWT Token Generation and ValidationJWT Token Generation and Validation
Node.js/Express JWT ImplementationNode.js/Express JWT Implementation
Session Storage with RedisSession Storage with Redis
CSRF ProtectionCSRF Protection
Session Middleware ChainSession Middleware Chain
Token Refresh EndpointToken Refresh Endpoint
Session Cleanup and MaintenanceSession Cleanup and Maintenance

Best Practices

✅ DO

  • Use HTTPS for all session transmission
  • Implement secure cookies (httpOnly, sameSite, secure flags)
  • Use JWT with proper expiration times
  • Implement token refresh mechanism
  • Store refresh tokens securely
  • Validate tokens on every request
  • Use strong secret keys
  • Implement session timeout
  • Log authentication events
  • Clear session data on logout
  • Use CSRF tokens for state-changing requests

❌ DON'T

  • Store sensitive data in tokens
  • Use short secret keys
  • Transmit tokens in URLs
  • Ignore token expiration
  • Reuse token secrets across environments
  • Store tokens in localStorage (use httpOnly cookies)
  • Implement session without HTTPS
  • Forget to validate token signatures
  • Expose session IDs in logs
  • Use predictable session IDs

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

nodejs-express-server

No summary provided by upstream source.

Repository SourceNeeds Review
506-aj-geddes
General

markdown-documentation

No summary provided by upstream source.

Repository SourceNeeds Review
454-aj-geddes
General

rest-api-design

No summary provided by upstream source.

Repository SourceNeeds Review
413-aj-geddes
General

architecture-diagrams

No summary provided by upstream source.

Repository SourceNeeds Review
370-aj-geddes