Skip to main content

Module session

bext_plugin_api

Module session 

Source
Expand description

Session capability trait and types.

A session store owns the lifecycle of session records. The trait is deliberately storage-agnostic: it accommodates both server-backed stores (e.g. Redis, Postgres) where the cookie carries only an opaque id, and stateless client-side stores (e.g. signed/encrypted cookie) where the “id” is itself the ciphertext and no server state is kept.

Design notes:

  • SessionId is an opaque string. Server-backed stores put a uuid or similar random token there. Cookie-only stores put the encrypted + signed payload there. The host treats it as opaque and writes it into the session cookie; backends know how to interpret it on read.

  • create and update both return a SessionId. For server-backed stores the id is stable across updates; for cookie-only stores the id changes on every mutation (because the ciphertext changes) and the host must re-set the cookie. Callers should always write back the id returned by update.

  • Session data is passed as a JSON string so the trait surface stays WASM-ABI friendly, matching the style used in lifecycle.rs. The schema inside the blob is defined by the caller (typically an Auth plugin storing a user id + claims; an app storing cart state; etc.).

  • user_id is optional so anonymous sessions (pre-login carts, guest checkout, CSRF tokens) are first-class. Auth plugins that require a logged-in user enforce that themselves.

  • This trait deliberately does not import any Auth types. Session is the substrate Auth sits on, not the other way round. An Auth plugin uses a SessionPlugin to persist proof-of-identity; the session store does not know or care what that proof looks like.

Structs§

CreateOptions
Options for creating a new session.
SessionId
Opaque session identifier written into the session cookie.
SessionRecord
A session record as observed by callers.

Enums§

SessionError
Errors a session store can return. Kept as a flat enum so the shape is stable across backends; backend-specific detail goes in the wrapped message.

Traits§

SessionPlugin
Storage backend for sessions.

Functions§

empty_data_json
Convenience helper for tests and simple callers. Not part of the trait so it does not force a particular JSON shape on backends.
encode_data_map
Convenience helper for constructing a HashMap-backed data blob when the caller does not want to pull in serde_json directly. Returns a JSON object string.