A hapi session manager.

Latest Version: 10.1.1

npm: npm install @hapi/yar

yarn: yarn add @hapi/yar

Module Status:
Version License Node Dependencies CI
hapi helmet github logo
BSD 12, 14, 16 Dependency Status Build Status


yar add session support to hapi - a persistent state across multiple browser requests using an iron encrypted cookie and server-side storage. yar tries to fit session data into a session cookie based on a configured maximum size. If the content is too big to fit, it uses server storage via the hapi plugin cache interface.


For example, the first handler sets a session key and the second gets it:

let handler1 = (request, reply) => {

    request.yar.set('example', { key: 'value' });

    return null;

let handler2 = (request, reply) => {

    const example = request.yar.get('example');
    return example.key;     // Will send back 'value'

The plugin requires a password for encryption that must be at least 32 characters long:

let options = {
    storeBlank: false,
    cookieOptions: {
        password: 'the-password-must-be-at-least-32-characters-long',
        isSecure: true
Please note that there are other default cookie options that can impact your security.
Please look at the description of the cookie options below to make sure this is doing
what you expect.

const server = new Hapi.Server();

try {
  await server.register({
      plugin: require('@hapi/yar'),
      options: options
} catch(err) {

await server.start();