Class: SessionManager

Defined in: src/auth/session/session-manager.ts:153

Session manager implementation.

Remarks

Provides Redis-backed session management with:

• Cryptographically secure session IDs (UUID v4)
• Per-user session tracking and limits
• Sliding window expiration on activity
• Token blacklisting for logout

Example

const sessionManager = new SessionManager({
  redis,
  logger,
  config: {
    sessionExpirationSeconds: 86400 * 7, // 1 week
    maxSessionsPerUser: 5,
  },
});

const session = await sessionManager.createSession(
  'did:plc:abc123',
  {
    ipAddress: '192.168.1.1',
    userAgent: 'Mozilla/5.0...',
    scope: ['read', 'write'],
  }
);

Implements

• ISessionManager

Constructors

new SessionManager()

new SessionManager(options): SessionManager

Defined in: src/auth/session/session-manager.ts:163

Creates a new SessionManager.

Parameters

options

SessionManagerOptions

Manager options

Returns

SessionManager

Methods

createSession()

createSession(did, metadata): Promise<Session>

Defined in: src/auth/session/session-manager.ts:176

Creates a new session for an authenticated user.

Parameters

did

DID

User's DID

metadata

SessionMetadata

Session metadata

Returns

Promise<Session>

Created session

Implementation of

ISessionManager.createSession

---

getSession()

getSession(sessionId): Promise<null | Session>

Defined in: src/auth/session/session-manager.ts:221

Gets a session by ID.

Parameters

sessionId

string

Session identifier

Returns

Promise<null | Session>

Session or null if not found/expired/revoked

Implementation of

ISessionManager.getSession

---

isTokenRevoked()

isTokenRevoked(jti): Promise<boolean>

Defined in: src/auth/session/session-manager.ts:391

Checks if a token has been revoked.

Parameters

jti

string

JWT ID

Returns

Promise<boolean>

True if token is revoked

Implementation of

ISessionManager.isTokenRevoked

---

listSessions()

listSessions(did): Promise<readonly Session[]>

Defined in: src/auth/session/session-manager.ts:354

Lists all active sessions for a user.

Parameters

did

DID

User's DID

Returns

Promise<readonly Session[]>

Array of active sessions, newest first

Implementation of

ISessionManager.listSessions

---

revokeAllSessions()

revokeAllSessions(did): Promise<void>

Defined in: src/auth/session/session-manager.ts:318

Revokes all sessions for a user.

Parameters

did

DID

User's DID

Returns

Promise<void>

Implementation of

ISessionManager.revokeAllSessions

---

revokeSession()

revokeSession(sessionId): Promise<void>

Defined in: src/auth/session/session-manager.ts:291

Revokes a session.

Parameters

sessionId

string

Session identifier

Returns

Promise<void>

Implementation of

ISessionManager.revokeSession

---

revokeToken()

revokeToken(jti, expiresAt): Promise<void>

Defined in: src/auth/session/session-manager.ts:403

Adds a token to the revocation blacklist.

Parameters

jti

string

JWT ID

expiresAt

Date

Token expiration timestamp

Returns

Promise<void>

Implementation of

ISessionManager.revokeToken

---

updateSession()

updateSession(sessionId, updates): Promise<void>

Defined in: src/auth/session/session-manager.ts:252

Updates a session.

Parameters

sessionId

string

Session identifier

updates

SessionUpdate

Fields to update

Returns

Promise<void>

Implementation of

ISessionManager.updateSession