Agent-Skills.md

Agent Skills: Session Management

Implement secure session management systems with JWT tokens, session storage, token refresh, logout handling, and CSRF protection. Use when managing user authentication state, handling token lifecycle, and securing sessions.

UncategorizedID: aj-geddes/useful-ai-prompts/session-management

Repository

aj-geddes/useful-ai-prompts
aj-geddesLicense: MIT
607

Install this agent skill to your local

pnpm dlx add-skill https://github.com/aj-geddes/useful-ai-prompts/tree/HEAD/skills/session-management

Skill Files

Browse the full folder contents for session-management.

Download Skill

Loading file tree…

skills/session-management/SKILL.md

Skill Metadata

Name
session-management
Description
>

Session Management

Table of Contents

Overview

Implement comprehensive session management systems with secure token handling, session persistence, token refresh mechanisms, proper logout procedures, and CSRF protection across different backend frameworks.

When to Use

  • Implementing user authentication systems
  • Managing session state and user context
  • Handling JWT token refresh cycles
  • Implementing logout functionality
  • Protecting against CSRF attacks
  • Managing session expiration and cleanup

Quick Start

Minimal working example:

# Python/Flask Example
from flask import current_app
from datetime import datetime, timedelta
import jwt
import os

class TokenManager:
    def __init__(self, secret_key=None):
        self.secret_key = secret_key or os.getenv('JWT_SECRET')
        self.algorithm = 'HS256'
        self.access_token_expires_hours = 1
        self.refresh_token_expires_days = 7

    def generate_tokens(self, user_id, email, role='user'):
        """Generate both access and refresh tokens"""
        now = datetime.utcnow()

        # Access token
        access_payload = {
            'user_id': user_id,
            'email': email,
            'role': role,
            'type': 'access',
            'iat': now,
            'exp': now + timedelta(hours=self.access_token_expires_hours)
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

| Guide | Contents | |---|---| | JWT Token Generation and Validation | JWT Token Generation and Validation | | Node.js/Express JWT Implementation | Node.js/Express JWT Implementation | | Session Storage with Redis | Session Storage with Redis | | CSRF Protection | CSRF Protection | | Session Middleware Chain | Session Middleware Chain | | Token Refresh Endpoint | Token Refresh Endpoint | | Session Cleanup and Maintenance | Session Cleanup and Maintenance |

Best Practices

✅ DO

  • Use HTTPS for all session transmission
  • Implement secure cookies (httpOnly, sameSite, secure flags)
  • Use JWT with proper expiration times
  • Implement token refresh mechanism
  • Store refresh tokens securely
  • Validate tokens on every request
  • Use strong secret keys
  • Implement session timeout
  • Log authentication events
  • Clear session data on logout
  • Use CSRF tokens for state-changing requests

❌ DON'T

  • Store sensitive data in tokens
  • Use short secret keys
  • Transmit tokens in URLs
  • Ignore token expiration
  • Reuse token secrets across environments
  • Store tokens in localStorage (use httpOnly cookies)
  • Implement session without HTTPS
  • Forget to validate token signatures
  • Expose session IDs in logs
  • Use predictable session IDs