Scrum4Me/docs/patterns/iron-session.md

---
title: "iron-session"
status: active
audience: [ai-agent, contributor]
language: nl
last_updated: 2026-05-03
when_to_read: "When reading or writing session cookies or implementing auth checks."
---

# Patroon: iron-session

## lib/session.ts

```ts
import { SessionOptions } from 'iron-session'

export interface SessionData {
  userId: string
  isDemo: boolean
}

export const sessionOptions: SessionOptions = {
  password: process.env.SESSION_SECRET!,
  cookieName: 'session',
  cookieOptions: {
    secure: process.env.NODE_ENV === 'production',
    httpOnly: true,
    sameSite: 'lax',
  },
}
```

## Gebruik in Server Action of Route Handler

```ts
import { getIronSession } from 'iron-session'
import { cookies } from 'next/headers'
import { SessionData, sessionOptions } from '@/lib/session'

const session = await getIronSession<SessionData>(await cookies(), sessionOptions)
if (!session.userId) redirect('/login')
if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
```