> iron-session
Manage encrypted sessions in Next.js with iron-session. Use for session auth, encrypted cookies, or stateless sessions without a database.
curl "https://skillshub.wtf/TerminalSkills/skills/iron-session?format=md"
Overview
iron-session stores session data in encrypted, signed cookies, so no database is needed. Data is encrypted with AES-256 and signed with HMAC-SHA256. It works with the Next.js App Router and Express.
Instructions
Step 1: Configuration
    import { getIronSession } from 'iron-session'
    import { cookies } from 'next/headers'

    // Shape of the data stored in the encrypted cookie
    interface SessionData { userId?: string; role?: string; isLoggedIn: boolean }

    const options = {
      password: process.env.SESSION_SECRET!, // used to encrypt and sign the cookie
      cookieName: 'myapp_session',
      cookieOptions: {
        secure: process.env.NODE_ENV === 'production',
        httpOnly: true,
        sameSite: 'lax' as const,
        maxAge: 604800, // 7 days, in seconds
      },
    }

    export async function getSession() {
      return getIronSession<SessionData>(await cookies(), options)
    }
Step 2: Login/Logout
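    // POST /api/auth/login
    // Inside the login handler, after credentials are verified;
    // `user` is the authenticated user record.
    const session = await getSession()
    session.userId = user.id
    session.role = user.role
    session.isLoggedIn = true
    await session.save()

    // POST /api/auth/logout
    // Inside the logout handler (a separate function from the one above).
    const session = await getSession()
    session.destroy()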
Step 3: Protected Pages
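    import { redirect } from 'next/navigation'
    // getSession comes from Step 1; Dashboard is the app's own component.

    export default async function DashboardPage() {
      const session = await getSession()
      // Send anonymous visitors to the login page before rendering anything
      if (!session.isLoggedIn) redirect('/login')
      return <Dashboard userId={session.userId!} />
    }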
Guidelines
- SESSION_SECRET: min 32 chars. Generate with openssl rand -hex 32.
- Cookie limit is 4KB: store IDs only, not large objects.
- Stateless = no revocation by default. Add a version check for revocation.
- Always httpOnly + secure in production.
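
One way to implement the version check from the guideline above, as an added example that is not part of the original skill or of iron-session itself. The `sessionVersion` field, the `VersionStore` interface and the in-memory `memoryStore` are assumptions standing in for a per-user counter in your own database, where the lookup would normally be async.

```typescript
// Added example. `sessionVersion`, VersionStore and memoryStore are hypothetical.
interface SessionData {
  userId?: string
  role?: string
  isLoggedIn: boolean
  sessionVersion?: number // copied from the server-side store at login
}

interface VersionStore {
  current(userId: string): number | undefined
  bump(userId: string): number
}

// In-memory stand-in for a users table (constructed for this example).
function memoryStore(versions: Record<string, number>): VersionStore {
  const has = (id: string): boolean => Object.prototype.hasOwnProperty.call(versions, id)
  return {
    current: (id: string) => (has(id) ? versions[id] : undefined),
    bump: (id: string) => (versions[id] = (has(id) ? versions[id] : 0) + 1),
  }
}

// Login: stamp the cookie payload with the user's current version.
function stampLogin(session: SessionData, userId: string, role: string, store: VersionStore): void {
  const version = store.current(userId)
  if (version === undefined) throw new Error('unknown user')
  session.userId = userId
  session.role = role
  session.sessionVersion = version
  session.isLoggedIn = true
}

type Verdict = 'ok' | 'anonymous' | 'revoked'

// Every request: a cookie that decrypts and verifies can still be stale.
function checkSession(session: SessionData, store: VersionStore): Verdict {
  if (!session.isLoggedIn || !session.userId) return 'anonymous'
  const current = store.current(session.userId)
  // Fail closed: unknown user, cookie without a version, or an older version.
  if (current === undefined || session.sessionVersion !== current) return 'revoked'
  return 'ok'
}

// Password change or "log out everywhere": invalidates all outstanding cookies.
function revokeAll(userId: string, store: VersionStore): number {
  return store.bump(userId)
}
```

When `checkSession` returns 'revoked', call `session.destroy()` and redirect to /login, as in Steps 2 and 3.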