XEMS Configuration
XEMS is configured via the server.xems property in the createServer options. The configuration is strictly validated during server initialization to ensure maximum security.
Core Settings
| Parameter | Default | Description |
|---|---|---|
| enable | true | Enables the XEMS engine and internal session middleware. |
| ttl | "15m" | Session lifetime (e.g., "1h", "30m"). |
| autoRotation | true | Enables automatic token rotation on every request. |
Persistence (The Vault)
Persistence allows XEMS to save sessions to an encrypted file, surviving server restarts.
Vault Configuration
const app = createServer({
security: {
xems: {
persistence: {
enabled: true,
path: "./.private/vault.xems",
secret: "your-32-byte-master-key-here-!!!"
}
},
},
});32-Byte Requirement
The
secret must be exactly 32 bytes (256 bits). If the secret is lost, all data in the vault becomes permanently unrecoverable.Transport Settings
Cookie Storage
Default cookie: xems_token. Automatically configured as HttpOnly and Secure in production.
Header Transport
Default header: x-xypriss-token. Used for session transport in non-browser or API-only contexts.
Performance
View verified benchmarks and high-concurrency results for XEMS.