Since HTTP driven applications are stateless, sessions provide a way to store information about the user across requests.
Strapi provides "guest" sessions, meaning any visitor will have a session,
authenticated or not. If a session is new a Set-Cookie will be produced regardless
of populating the session.
Strapi only supports cookie sessions, for now.
The current session is available in this.session inside a controller action.
module.exports = {
find: function *() {
// Limit request rate to 100
if (this.session.views < 100) {
try {
this.session.views++;
this.body = yield Post.find(this.params);
} catch (error) {
this.body = error;
}
} else {
this.body = 'You have reached your request rate limit';
}
}
}; To destroy an active session, simply set it to null:
module.exports = {
logout: function () {
try {
this.session = null;
this.redirect('./');
} catch (error) {
this.body = error;
}
}
};