Commit a3d76c3

Move migration guide (#1800)
1 parent 8b2a0df commit a3d76c3

2 files changed

+50
-2
lines changed


malta.config.json

Lines changed: 5 additions & 2 deletions
@@ -10,8 +10,7 @@
1010
"pages": [
1111
["Overview", "/sessions/overview"],
1212
["Basic API", "/sessions/basic-api"],
13-
["Cookies", "/sessions/cookies"],
14-
["Migrate from Lucia v3", "/sessions/migrate-lucia-v3"]
13+
["Cookies", "/sessions/cookies"]
1514
]
1615
},
1716
{
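Review bot: Removing the `["Migrate from Lucia v3", "/sessions/migrate-lucia-v3"]` entry drops the old route from navigation, but the commit only changes `malta.config.json` and adds `pages/lucia-v3/migrate.md`; no file at the old path is deleted or renamed. If a page still exists at `/sessions/migrate-lucia-v3`, remove it or replace it with a pointer to `/lucia-v3/migrate` in this same change, so the guide is not published in two places and existing links to the old URL still lead somewhere useful.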
@@ -34,6 +33,10 @@
3433
"title": "Rate limiting",
3534
"pages": [["Token bucket", "/rate-limit/token-bucket"]]
3635
},
36+
{
37+
"title": "Lucia v3",
38+
"pages": [["Migrate", "/lucia-v3/migrate"]]
39+
},
3740
{
3841
"title": "Community",
3942
"pages": [

pages/lucia-v3/migrate.md

Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,45 @@
1+
---
2+
title: "Migrate from Lucia v3"
3+
---
4+
5+
# Migrate from Lucia v3
6+
7+
Lucia v3 has been deprecated. Lucia is now a learning resource for implementing sessions and more.
8+
9+
## Background
10+
11+
We ultimately came to the conclusion that it'd be easier and faster to just implement sessions from scratch. The database adapter model wasn't flexible enough for such a low-level library and severely limited the library design.
12+
13+
## Migration path
14+
15+
Replacing Lucia v3 with your own implementation should be a straight-forward path, especially since most of your knowledge will still be very useful. No database migrations are necessary.
16+
17+
APIs on sessions are covered in the [Basic session API](/sessions/basic-api) page.
18+
19+
- `Lucia.createSession()` => `generateSessionToken()` and `createSession()`
20+
- `Lucia.validateSession()` => `validateSessionToken()`
21+
- `Lucia.invalidateSession()` => `invalidateSession()`
22+
23+
APIs on cookies are covered in the [Session cookies](/sessions/cookies) page.
24+
25+
- `Lucia.createSessionCookie()` => `setSessionTokenCookie()`
26+
- `Lucia.createBlankSessionCookie()` => `deleteSessionTokenCookie()`
27+
28+
The one change to how sessions work is that session tokens are now hashed before storage. The pre-hash token is the client-assigned session ID and the hash is the internal session ID. The easiest option would be to purge all existing sessions, but if you want keep existing sessions, SHA-256 and hex-encode the session IDs stored in the database. Or, you can skip the hashing altogether. Hashing is a good measure against database leaks, but not absolutely necessary.
29+
30+
```ts
31+
export function createSession(userId: number): Session {
32+
const bytes = new Uint8Array(20);
33+
crypto.getRandomValues(bytes);
34+
const sessionId = encodeBase32LowerCaseNoPadding(bytes);
35+
// Insert session into database.
36+
return session;
37+
}
38+
39+
export function validateSessionToken(sessionId: string): SessionValidationResult {
40+
// Get and validate session
41+
return { session, user };
42+
}
43+
```
44+
45+
If you need help or have any questions, please ask them on [Discord](https://discord.com/invite/PwrK3kpVR3) or on [GitHub discussions](https://github.com/lucia-auth/lucia/discussions).
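Review bot: The `ts` sample at the end of the new page does not match the paragraph it follows. That paragraph says session tokens are now hashed before storage, yet `createSession()` encodes the random bytes straight into `sessionId` with no hashing step, and nothing tells the reader that the snippet is the "skip the hashing" variant. Add a sentence before the fence stating which option the snippet shows, and consider spelling out the SHA-256 and hex-encode step for readers who keep existing sessions, since that is the only step that changes stored data. In the sample itself, `return session;` and `return { session, user };` use values that are never declared, and the mapping list splits token generation into `generateSessionToken()` while the sample generates the ID inside `createSession()`. Two wording points in the same section: "if you want keep existing sessions" is missing "to", and "No database migrations are necessary" reads as contradicting the later instruction to re-hash the session IDs stored in the database, so one of the two needs a qualifier.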
