Server-Side Development with Hapi.js — Sessions and Advanced HTTP Requests

Spread the love

Hapi.js is a small Node framework for developing back end web apps.

In this article, we’ll look at how to create back end apps with Hapi.js.

Advanced HTTP Requests

We can make complex HTTP requests with the @hapi/wreck module.

For example, we can write:

const Wreck = require('@hapi/wreck');
const Https = require('https')
const Http = require('http')

const method = 'GET';
const uri = '/';
const readableStream = Wreck.toReadableStream('foo=bar');

const wreck = Wreck.defaults({
  headers: { 'x-foo-bar': 123 },
  agents: {
    https: new Https.Agent({ maxSockets: 100 }),
    http: new Http.Agent({ maxSockets: 1000 }),
    httpsAllowUnauthorized: new Https.Agent({ maxSockets: 100, rejectUnauthorized: false })

const wreckWithTimeout = wreck.defaults({
  timeout: 5

const options = {
  baseUrl: '',
  payload: readableStream || 'foo=bar' || Buffer.from('foo=bar'),
  headers: {},
  redirects: 3,
  beforeRedirect: (redirectMethod, statusCode, location, resHeaders, redirectOptions, next) => next(),
  redirected: function (statusCode, location, req) {},
  timeout: 1000,
  maxBytes: 1048576,
  rejectUnauthorized: false,
  agent: null,

const example = async () => {
  const promise = wreck.request(method, uri, options);
  try {
    const res = await promise;
    const body = await, options);
  catch (err) {


The headers property has the request headers.

timeout has the request timeout in milliseconds.

maxBytes has the max size of a request.

agent has the user agent.

We can add the secureProtocol is the SSL method to use.

And the ciphers property can be added to choose the TLS cipher.

Then we use to read the response.

We can also call promise.req.abort() to abort the request.

Session Handling

We can handle session data with the @hapi/yar module.

For instance, we can write:

const Hapi = require('@hapi/hapi');

const server = Hapi.Server({ port: 3000 });
const options = {
  storeBlank: false,
  cookieOptions: {
    password: 'the-password-must-be-at-least-32-characters-long'

const init = async () => {
  await server.register({
    plugin: require('@hapi/yar'),

    method: 'GET',
    path: '/',
    handler: (request, h) => {
      request.yar.set('example', { key: 'value' });
      return 'hello';

    method: 'GET',
    path: '/session',
    handler: (request, h) => {
      const example = request.yar.get('example');
      return example;

  await server.start();
  console.log('Server running at:',;

to register the @hapi/yar plugin with:

await server.register({
  plugin: require('@hapi/yar'),

The options property has the cookieOptions.password property to set the password for encrypting the session.

Then in the / route, we call request.yar.set method to add the key and value to the session.

And then in the /session route, we call request.yar.get method with the key we want to get to get the data.

We should get:

  "key": "value"

as the response.


We can use the @hapi/wreck module to make advanced HTTP requests.

And the @hapi/yar module lets us manage session data across our app.

By John Au-Yeung

Web developer specializing in React, Vue, and front end development.

Leave a Reply

Your email address will not be published. Required fields are marked *