Docs Build Status - Master macOS Linux Apache 2 Slack Status


A pluggable framework for managing user sessions in a Swift server using Kitura


A pluggable framework for managing user sessions in a Swift server using Kitura

Table of Contents

Swift version

The latest version of Kitura-Session requires Swift 4.0. You can download this version of the Swift binaries by following this link. Compatibility with other Swift versions is not guaranteed.


In order to use the Session middleware, an instance of Session has to be created:

public init(secret: String, cookie: [CookieParameter]?=nil, store: Store?=nil)


  • secret is a String to be used for session encoding. It should be a large unguessable string, say minimum 14 characters long.
  • cookie is a list of options for session’s cookies. The options are (specified in CookieParameter enumeration): name - cookie’s name, defaults to kitura-session-id, path - cookie’s Path attribute defaults to /, secure - cookie’s Secure attribute, false by default, and maxAge - an NSTimeInterval with cookie’s expiration time in seconds, defaults to -1.0, i.e., no expiration.
  • store is an instance of a plugin for session backing store that implements Store protocol. If not set, InMemoryStore is used.

The last two parameters are optional.

The secret parameter is used to secure the session ID and ensure that the session ID cannot be guessed. Secret is used to derive a pair of encryption and signature keys via PBKDF2 and a fixed IV to make the session ID cookie be authenticated encrypted. Secret isn’t used directly to encrypt or compute the MAC of the cookie.


This is an example of Session middleware with KituraSessionRedis plugin:

import KituraSession
import KituraSessionRedis

let redisStore = RedisStore(redisHost: host, redisPort: port)
let session = Session(secret: "Some secret", store: redisStore)
router.all(middleware: session)

First an instance of RedisStore is created (see KituraSessionRedis for more information), then an instance of Session with the store as parameter is created, and finally it is connected to the desired path.



This library is licensed under Apache 2.0. Full license text is available in LICENSE.