Red.CookieSessions 1.2.0

.NET Core 2.0
There is a newer version of this package available.
See the version list below for details.
dotnet add package Red.CookieSessions --version 1.2.0
NuGet\Install-Package Red.CookieSessions -Version 1.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Red.CookieSessions" Version="1.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Red.CookieSessions --version 1.2.0
#r "nuget: Red.CookieSessions, 1.2.0"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install Red.CookieSessions as a Cake Addin
#addin nuget:?package=Red.CookieSessions&version=1.2.0

// Install Red.CookieSessions as a Cake Tool
#tool nuget:?package=Red.CookieSessions&version=1.2.0

Simple session management middleware for Red.


After installing and referencing this library, the Red.Request has the extension methods OpenSession(sessionData) and GetSession().

OpenSession(sessionData) will open a new session and add a header to the response associated with the request.

GetSession<TSession>() will return the CookieSession object wrapping the TSession-data, which has two methods: Renew() and Close(), and the field Data, which holds the session-data object


class MySession 
    public string Username;

server.Use(new CookieSessions<MySession>(new CookieSessionSettings(TimeSpan.FromDays(1))
{   // We allow unauthenticated users to send requests to /login, so we can authenticate them
    Excluded = { "/login" }
server.Post("/login", async (req, res) =>
    var form = await res.GetFormDataAsync();
    if (ValidForm(form) && Authenticate(form["username"], form["password"]))
        req.OpenSession(new MySession {Username = form["username"]}); // Here we just have the username as session-data
        await res.SendStatus(HttpStatusCode.OK);
        await res.SendStatus(HttpStatusCode.BadRequest);
// Only authenticated users are allowed to /friends
server.Get("/friends", async (req, res) => 
    var session = req.GetSession<MySession>();
    var friends = database.GetFriendsOfUser(session.Username);
    await res.SendJson(friends);
server.Post("/logout", async (req, res) => 
    await res.SendStatus(HttpStatusCode.OK);

OpenSession will open a new session and attach a Set-Cookie header to the associated response. This header's value contains the token used for authentication. The token is generated using the RandomNumberGenerator from System.Security.Cryptography, so it shouldn't be too easy to "guess" other tokens, even with knowledge of some tokens.

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows
.NET Core netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (4)

Showing the top 4 NuGet packages that depend on Red.CookieSessions:

Package Downloads

A EntityFrameworkCore session store for Red.CookieSessions


A LiteDB session store for Red.CookieSessions


A SQLite session store for Red.CookieSessions, to persists sessions


A Redis session store for Red.CookieSessions

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
5.1.0 1,137 2/22/2020
5.0.0 1,487 1/3/2020
4.1.0 1,565 9/29/2019
4.0.1 837 9/29/2019
4.0.0 448 9/29/2019
3.1.0 662 5/16/2019
3.0.2 736 4/30/2019
3.0.1 742 3/10/2019
3.0.0 521 3/10/2019
2.2.0 656 1/9/2019
2.1.1 693 9/12/2018
2.1.0 666 9/12/2018
2.0.0 912 6/26/2018
1.3.0 807 5/20/2018
1.2.1 774 5/19/2018
1.2.0 807 5/19/2018
1.1.0 965 4/20/2018
1.0.0 837 3/26/2018

changed the way to determine whether a path requires authentication. Now using Func<string,bool>