What frameworks are compatible with this skill?

It provides standardized implementation patterns for Node.js (Express/Fastify), Python (Flask/Django), Go (Gin), and Java (Spring Boot).

Can I revoke sessions remotely with this skill?

Yes, it includes guidance on using Scalekit session APIs to view active sessions and revoke them individually or globally for a specific user.

Does this skill support Single Page Applications (SPAs)?

While it includes notes for SPAs, it is primarily optimized for traditional server-rendered web apps using HttpOnly cookies for maximum security against XSS.

How does it handle expired tokens?

The skill implements middleware that detects expired access tokens and automatically uses the refresh token to obtain a new session transparently without interrupting the user experience.

Is encryption mandatory for stored tokens?

Yes, the skill follows a defense-in-depth approach by emphasizing the encryption of tokens before storing them in cookies to prevent unauthorized local access.

Scalekit Session Management

Name: Scalekit Session Management
Author: scalekit-inc

byscalekit-inc

0•

セキュリティとテスト

Implements secure, encrypted session management using Scalekit tokens with automated refresh logic and industry-standard cookie attributes.

This skill automates the implementation of robust user session persistence for server-rendered web applications. It provides standardized patterns for storing access, refresh, and ID tokens using encrypted HttpOnly cookies, ensuring high security against XSS and CSRF. Beyond initial storage, it integrates transparent token validation and rotation middleware, allowing developers to maintain active user sessions effortlessly while providing hooks for remote session revocation and logout management across various backend frameworks including Node.js, Python, Go, and Java.

主な機能

01Secure HttpOnly cookie storage with multi-layer encryption

02Remote session revocation and management via Scalekit APIs

030 GitHub stars

04Cross-framework implementation patterns for Express, Flask, Gin, and Spring

05Strict cookie attribute configuration for Secure and SameSite compliance

06Transparent access token validation and automatic refresh middleware

ユースケース

01Adding secure session persistence to a server-side rendered Express or Flask application

02Implementing 'Sign out of all devices' functionality in a user account dashboard

03Configuring automatic token rotation to mitigate the risk of session hijacking

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add scalekit-inc/claude-code-authstack manage-user-sessions

For use in Claude.ai and ChatGPT

Download Skill