Session Management

Session management for Basil server handlers. Provides key-value storage that persists across requests using cookie-based sessions.

⚠️ Sessions are only available inside Basil server handlers. They are not available in standalone Parsley scripts.

Note: There is no @std/session module to import. Sessions are accessed via the basil.session object which is automatically available in handler code.

Session Data

.get(key, default?)

Retrieve a value from the session. Returns null (or the default) if the key does not exist:

let username = basil.session.get("username")
let theme = basil.session.get("theme", "light")  // "light" if not set

.set(key, value)

Store a value in the session:

basil.session.set("username", "Alice")
basil.session.set("preferences", {theme: "dark", lang: "en"})

Values are serialized for storage — strings, numbers, booleans, arrays, and dictionaries are supported.

.delete(key)

Remove a key from the session:

basil.session.delete("username")

.has(key)

Check if a key exists in the session:

basil.session.has("username")        // true or false

.clear()

Remove all session data and flash messages:

basil.session.clear()

.all()

Return all session data as a dictionary:

let data = basil.session.all()
data.username                        // "Alice"

Flash Messages

Flash messages are one-time values that are automatically removed after being read. They are commonly used to pass status messages across redirects (e.g., "Item saved successfully").

.flash(key, message)

Set a flash message:

basil.session.flash("success", "Profile updated!")
basil.session.flash("error", "Invalid email address")

.getFlash(key)

Retrieve and remove a flash message. Returns null if no message exists for the key:

let msg = basil.session.getFlash("success")
// msg is "Profile updated!" (and the flash is now deleted)

let again = basil.session.getFlash("success")
// again is null (already consumed)

.getAllFlash()

Retrieve and remove all flash messages as a dictionary:

let flashes = basil.session.getAllFlash()
// {success: "Profile updated!", error: "Invalid email"}
// All flash messages are now cleared

.hasFlash()

Check if any flash messages exist:

basil.session.hasFlash()             // true or false

Session Regeneration

.regenerate()

Regenerate the session, preserving existing data. Use this after authentication to prevent session fixation attacks:

// After successful login
basil.session.set("userId", user.id)
basil.session.regenerate()

Methods Summary

Method Args Returns Description
.get(key, default?) string, any? any Get session value
.set(key, value) string, any null Set session value
.delete(key) string null Remove session value
.has(key) string boolean Check if key exists
.clear() none null Remove all data and flash messages
.all() none dictionary Get all session data
.flash(key, msg) string, string null Set a flash message
.getFlash(key) string string or null Get and remove a flash message
.getAllFlash() none dictionary Get and remove all flash messages
.hasFlash() none boolean Any flash messages exist?
.regenerate() none null Regenerate the session

Common Patterns

Login / Logout

// Login handler
fn handleLogin(req) {
    let user = authenticate(req.body.email, req.body.password)
    check user != null else api.unauthorized("Invalid credentials")

    basil.session.set("userId", user.id)
    basil.session.set("role", user.role)
    basil.session.regenerate()
    basil.session.flash("success", "Welcome back, " + user.name + "!")

    api.redirect("/dashboard")
}

// Logout handler
fn handleLogout(req) {
    basil.session.clear()
    basil.session.flash("info", "You have been logged out")
    api.redirect("/")
}

Displaying Flash Messages

// In a page template
let flashes = basil.session.getAllFlash()

if (flashes.success) {
    <div class=alert-success>flashes.success</div>
}
if (flashes.error) {
    <div class=alert-error>flashes.error</div>
}

Key Differences from Other Languages

See Also