Session Management

User session persistence, multi-device tracking, session revocation, and activity monitoring with JWT or database-backed storage.

What's Included

  • JWT and database session strategy configuration
  • Session refresh and expiry management
  • Client-side session update via useSession hook
  • Multi-device active session listing with user agent and IP tracking
  • Session revocation (single session and all other sessions)
  • Session middleware for protected route enforcement
  • Role-based session guards (requireAuth, requireRole)

Usage

Via CLI


Via AI Assistant

Ask your AI assistant:

  • "Use the session management pattern from Bootspring"
  • "Apply the Bootspring session management pattern to my project"

Key Considerations

  • Track session metadata (user agent, IP address, last active time) for security visibility
  • Allow users to view and revoke sessions on other devices
  • Set reasonable session expiry durations that balance security with convenience
  • Update activity timestamps to support idle detection and cleanup
  • Use httpOnly, secure, and sameSite cookie flags for session tokens
  • JWT - JWT token handling
  • RBAC - Role-based access control
  • MFA - Multi-factor authentication
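The Key Considerations above, as an added example that is not Bootspring's own code: a database-backed session store (a Map stands in for the table) with metadata tracking, idle and absolute expiry, owner-scoped revocation, and the cookie flags. The names SessionStore and sessionCookie, the timeout values, and the cookie name are assumptions made for illustration.

```javascript
// Added example. Works as CommonJS or ESM: prefer the global Web Crypto object.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const randomHex = (n) => Buffer.from(webcrypto.getRandomValues(new Uint8Array(n))).toString("hex");

const IDLE_MS = 30 * 60 * 1000;              // assumed idle timeout: 30 minutes
const ABSOLUTE_MS = 7 * 24 * 60 * 60 * 1000; // assumed absolute lifetime: 7 days

class SessionStore {
  constructor() { this.byToken = new Map(); } // secret token -> session record

  create(userId, { userAgent, ip }, now = Date.now()) {
    const token = randomHex(32); // bearer secret, only ever sent in the cookie
    // handle is a non-secret id that is safe to show in the "active sessions" UI
    this.byToken.set(token, { handle: randomHex(8), userId, userAgent, ip, createdAt: now, lastActive: now });
    return token;
  }

  // Validate on each request: drop idle or over-age sessions, else bump lastActive.
  touch(token, now = Date.now()) {
    const s = this.byToken.get(token);
    if (!s) return null;
    if (now - s.lastActive > IDLE_MS || now - s.createdAt > ABSOLUTE_MS) {
      this.byToken.delete(token);
      return null;
    }
    s.lastActive = now;
    return s;
  }

  listForUser(userId, currentToken) { // never returns the secret tokens
    return [...this.byToken].filter(([, s]) => s.userId === userId).map(([token, s]) => (
      { handle: s.handle, userAgent: s.userAgent, ip: s.ip, lastActive: s.lastActive, current: token === currentToken }));
  }

  revoke(userId, handle) { // scoped to the owner: another user's handle is ignored
    for (const [token, s] of this.byToken) {
      if (s.userId === userId && s.handle === handle) return this.byToken.delete(token);
    }
    return false;
  }

  revokeOthers(userId, currentToken) { // "sign out everywhere else"
    let revoked = 0;
    for (const [token, s] of this.byToken) {
      if (s.userId === userId && token !== currentToken && this.byToken.delete(token)) revoked++;
    }
    return revoked;
  }
}

const sessionCookie = (token) =>
  `session=${token}; Path=/; Max-Age=${ABSOLUTE_MS / 1000}; HttpOnly; Secure; SameSite=Lax`;
```

Listing sessions by a separate handle keeps the bearer tokens out of page content, so the httpOnly flag still protects them from script access.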