Expand description
Session-based Authentication.
§Spring Security Equivalent
Similar to Spring Security’s session-based authentication with HttpSession.
§Features
- Store user in session after login
- Session fixation protection (migrate, new session, or none)
- Configurable session timeout
- Maximum sessions per user support
- Integration with actix-session
§Example
ⓘ
use actix_security_core::http::security::session::{
SessionAuthenticator, SessionConfig, SessionFixationStrategy
};
use actix_session::SessionMiddleware;
use actix_session::storage::CookieSessionStore;
// Configure session middleware (required)
let session_middleware = SessionMiddleware::new(
CookieSessionStore::default(),
cookie_key.clone()
);
// Configure session authenticator with fixation protection
let config = SessionConfig::new()
.fixation_strategy(SessionFixationStrategy::MigrateSession);
let authenticator = SessionAuthenticator::new(config);
App::new()
.wrap(session_middleware)
.wrap(SecurityTransform::new()
.config_authenticator(move || authenticator.clone())
.config_authorizer(|| /* ... */))Structs§
- Session
Authenticator - Session-based authenticator.
- Session
Config - Session authentication configuration.
- Session
Login Service - Service for handling login/logout with sessions.
- Session
User - Serializable user data stored in session.
Enums§
- Session
Error - Session-related errors.
- Session
Fixation Strategy - Strategy for session fixation protection.
Traits§
- Credential
Authenticator - Trait for authenticators that can validate username/password credentials.