From aj-geddes-useful-ai-prompts-4
Implements secure session management with JWT tokens, session storage, token refresh, logout handling, and CSRF protection. Useful for user authentication state and token lifecycle management.
How this skill is triggered — by the user, by Claude, or both
Slash command
/aj-geddes-useful-ai-prompts-4:session-managementThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- [Overview](#overview)
references/csrf-protection.mdreferences/jwt-token-generation-and-validation.mdreferences/nodejsexpress-jwt-implementation.mdreferences/session-cleanup-and-maintenance.mdreferences/session-middleware-chain.mdreferences/session-storage-with-redis.mdreferences/token-refresh-endpoint.mdscripts/security-checklist.shImplement comprehensive session management systems with secure token handling, session persistence, token refresh mechanisms, proper logout procedures, and CSRF protection across different backend frameworks.
Minimal working example:
# Python/Flask Example
from flask import current_app
from datetime import datetime, timedelta
import jwt
import os
class TokenManager:
def __init__(self, secret_key=None):
self.secret_key = secret_key or os.getenv('JWT_SECRET')
self.algorithm = 'HS256'
self.access_token_expires_hours = 1
self.refresh_token_expires_days = 7
def generate_tokens(self, user_id, email, role='user'):
"""Generate both access and refresh tokens"""
now = datetime.utcnow()
# Access token
access_payload = {
'user_id': user_id,
'email': email,
'role': role,
'type': 'access',
'iat': now,
'exp': now + timedelta(hours=self.access_token_expires_hours)
// ... (see reference guides for full implementation)
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| JWT Token Generation and Validation | JWT Token Generation and Validation |
| Node.js/Express JWT Implementation | Node.js/Express JWT Implementation |
| Session Storage with Redis | Session Storage with Redis |
| CSRF Protection | CSRF Protection |
| Session Middleware Chain | Session Middleware Chain |
| Token Refresh Endpoint | Token Refresh Endpoint |
| Session Cleanup and Maintenance | Session Cleanup and Maintenance |
npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4Implement secure session handling with proper token generation, storage, expiry, CSRF protection, and session invalidation.
Implements secure session management with cryptographically random tokens, HttpOnly/Secure/SameSite cookies, and timeout enforcement to prevent hijacking and fixation.
Implements secure session management using JWT tokens, Redis storage, refresh flows, and secure cookies in Node.js/Express apps. Use for authentication systems, user sessions, and logout.