session_box 1.0.5 copy "session_box: ^1.0.5" to clipboard
session_box: ^1.0.5 copied to clipboard

Published 10 days ago
SDKFlutter
PlatformAndroidiOSLinuxmacOSwebWindows
β†’

Metadata

A Flutter package that allows you store your currently logged in user for quick access

More...

⚠️ Discontinued / No longer maintained #

This package is discontinued and is no longer actively maintained.

  • βœ… You can still use it as-is, but no new features or fixes are planned.
  • 🧩 If you depend on it, consider forking this repository and maintaining your own version.
  • πŸ”’ For secure key/value storage alternatives, look at:
    • flutter_secure_storage (secure storage)
    • shared_preferences (non-secure storage)

Last published: v1.0.5.

πŸ—οΈ Session Box for Flutter #

A clean, lightweight, and testable Dart package for securely managing user session data across app restarts using SharedPreferences or flutter_secure_storage.

Designed with SOLID principles and clean architecture, it supports both primitive types (like String, int) and custom objects using JSON serialization.

This is just functionality that I wrote for my own app. I am making it available for everyone to use. Read more below about why you should choose this package.

✨ Features #

  • Choose between secure or plain storage (with encrypt: true)
  • Persist any data type (primitives or complex models)
  • Blazing fast access to session state
  • Fully testable with in-memory mock repository
  • Easy to integrate into any Dart or Flutter app
  • No DB dependency required for login state
  • Forces you to refresh your user id if you make use of the user id functionality

πŸ“¦ Installation #

Add this to your pubspec.yaml:

dependencies:
  session_box: ^1.0.5

Then run:

flutter pub get

πŸš€ Getting Started #

Primitive Example (int - userId) #

You just want to persist a basic value like a userId (e.g. int) and retrieve it later β€” no database involved.

final session = await UserSessionManager.create<int>(encrypt: false);

await session.login(42);                      // Save user ID
final userId = await session.getUser();       // 42
final isLoggedIn = await session.isLoggedIn(); // true

await session.logout(); // User remains persisted until you call this method.

Custom Object Example #

Use case: You manage users in a database and want to persist session identity (e.g. email), not just a raw ID. This lets you safely re-link to the correct user record on app startup, without blindly trusting a stored ID. This package adds safety by only storing the user id in memory, forcing you to refesh the user id on app start up.

class User {
  final int id;
  final String name;
  final String email;

  User(this.id, this.name, this.email);

  Map<String, dynamic> toJson() => {
    'id': id,
    'name': name,
    'email': email,
  };

  factory User.fromJson(Map<String, dynamic> json) => User(
    json['id'],
    json['name'],
    json['email'],
  );
}

// Create the session manager
final session = await SessionBox.create<User>(
  encrypt: true,
  toJson: (user) => user.toJson(),
  fromJson: (json) => User.fromJson(json),

  // Optional: validate the user on app startup
  isValidUser: (user) async {
    final exists = await authService.isValidUser(user.email);
    return exists;
  },
);

// On login
final user = User(1, 'Alice', 'alice@example.com');

await session.login(user);       // Persist session identity (email, name)
await session.setUserId(user.id); // Cache user ID in memory only (not persisted)

// On app startup or resume
final storedUser = await session.getUser();

if (storedUser != null) {
  // Use the stored email to re-fetch the user from the database
  final dbUser = await userRepository.getByEmail(storedUser.email);

  if (dbUser != null) {
    await session.setUserId(dbUser.id); // Safe: this user still exists
  } else {
    await session.logout(); // User no longer exists β€” invalidate session
  }
}

⚠️ Important: Never blindly reuse a previously stored userId. Always resolve it from the database using stable identity fields (like email or username) before calling setUserId(...).

πŸ§ͺ Testing with In-Memory Storage #

For testing without platform dependencies:

final repo = InMemorySessionRepository<User>();
final service = UserSessionService.forTesting(repo);
final session = UserSessionManager.forTesting(service);

API #

SessionBox<T> #

Member / Method Description
static Future<SessionBox<T>> create<T>({ToJson<T>? toJson, FromJson<T>? fromJson, bool encrypt = false, Future<bool> Function(T user)? isValidUser}) Factory to create a session box.
Future<void> login(T user) Persists the full user object
Future<T?> getUser() Gets the persisted user object, or null if none. Useful if you need fields from the stored user (e.g., email).
Future<T?> refreshSession() Re-reads the stored user and (if isValidUser is set) validates it. Returns the valid user or null if invalid.
Future<void> logout() Clears the persisted user and in‑memory userId.
Future<void> setUserId(int userId) Sets an in‑memory only user id (not persisted). Most apps don’t need to call this directly.
int? getUserId() Returns the in‑memory user id (or null if not set). Typically becomes available after your app resolves the real DB user using info from refreshSession().
bool get hasUserId true if an in‑memory user id is set.

When to Use #

Use Case Use this package?
Fast session check at startup βœ… Yes
Managing full user profile data ❌ Use your database
Persisting lightweight identity βœ… Yes
Storing auth tokens securely βœ… Yes (encrypt: true)
Testing login logic without a DB βœ… Yes
Ensuring safe userId refresh flow βœ… Yes (in-memory only, never stale)

πŸ›‘οΈ Security #

  • When encrypt: true, session data is stored securely using flutter_secure_storage

  • βœ… Ideal for storing auth tokens, user identity, or small session payloads

  • ❗ Do not store sensitive data like raw passwords or biometric data

  • 🧠 User ID safety: SessionBox never persists userId, it's stored in memory only. You are encouraged to resolve the ID from your database on app startup (e.g. by email or username) before using it. This avoids relying on potentially stale IDs after DB resets or migrations.

πŸ“‚ Folder Structure #

lib/
β”œβ”€β”€ session_box.dart         # Public API
└── src/
    β”œβ”€β”€ application/
    β”œβ”€β”€ data/
    β”œβ”€β”€ domain/

πŸ“œ License #

BSD 3-Clause "New" or "Revised" License. See LICENSE for details.

← Metadata

1
likes
150
points
192
downloads

Publisher

unverified uploader

Weekly Downloads

Metadata

A Flutter package that allows you store your currently logged in user for quick access

Homepage
Repository (GitHub)
View/report issues

Documentation

API reference

License

BSD-3-Clause (license)

Dependencies

flutter, flutter_secure_storage, shared_preferences

More

Packages that depend on session_box

Back