Struct actix_session::config::BrowserSession

pub struct BrowserSession { /* private fields */ }

A session lifecycle strategy where the session cookie expires when the browser’s current session ends.

When does a browser session end? It depends on the browser. Chrome, for example, will often continue running in the background when the browser is closed—session cookies are not deleted and they will still be available when the browser is opened again. Check the documentation of the browsers you are targeting for up-to-date information.

Due to its Into<SessionLifecycle> implementation, a BrowserSession can be passed directly to SessionMiddlewareBuilder::session_lifecycle().

Implementations

impl BrowserSession

pub fn state_ttl(self, ttl: Duration) -> Self

Sets a time-to-live (TTL) when storing the session state in the storage backend.

We do not want to store session states indefinitely, otherwise we will inevitably run out of storage by holding on to the state of countless abandoned or expired sessions!

We are dealing with the lifecycle of two uncorrelated object here: the session cookie and the session state. It is not a big issue if the session state outlives the cookie— we are wasting some space in the backend storage, but it will be cleaned up eventually. What happens, instead, if the cookie outlives the session state? A new session starts— e.g. if sessions are being used for authentication, the user is de-facto logged out.

It is not possible to predict with certainty how long a browser session is going to last—you need to provide a reasonable upper bound. You do so via state_ttl—it dictates what TTL should be used for session state when the lifecycle of the session cookie is tied to the browser session length. SessionMiddleware will default to 1 day if state_ttl is left unspecified.

You can mitigate the risk of the session cookie outliving the session state by specifying a more aggressive state TTL extension policy - check out BrowserSession::state_ttl_extension_policy for more details.

pub fn state_ttl_extension_policy(
    self,
    ttl_extension_policy: TtlExtensionPolicy
) -> Self

Determine under what circumstances the TTL of your session state should be extended.

Defaults to TtlExtensionPolicy::OnStateChanges if left unspecified.

See TtlExtensionPolicy for more details.

Trait Implementations

impl Clone for BrowserSession

fn clone(&self) -> BrowserSession

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for BrowserSession

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for BrowserSession

fn default() -> Self

Returns the “default value” for a type.

impl From<BrowserSession> for SessionLifecycle

fn from(original: BrowserSession) -> SessionLifecycle

Converts to this type from the input type.