Skip to main content

SessionManager

codlet_core::auth::session

Struct SessionManager 

Source 
pub struct SessionManager<SS, K, C, A> { /* private fields */ }
Expand description

Manages session issuance, validation, and revocation (RFC-013 §3).

Session issuance requires a RedeemSuccess proof to enforce the invariant that sessions can only be created after a confirmed won claim (RFC-013 §5, acceptance checklist: “session issuance cannot occur before claim success”).

Implementations§

Source§

impl<SS, K, C, A> SessionManager<SS, K, C, A>
where SS: SessionStore, K: KeyProvider, C: Clock, A: AuditSink,

Source

pub fn new( store: SS, hasher: SecretHasher<K>, clock: C, audit: A, cookie_policy: CookiePolicy, ) -> Self

Construct a session manager.

Source

pub async fn issue<R: RandomSource>( &self, success: &RedeemSuccess, session_id: SessionId, rng: &mut R, ) -> Result<IssuedSession, SessionError>

Issue a new session for the authenticated subject.

Requires a RedeemSuccess proof so this cannot be called without a prior confirmed won claim. Generates a high-entropy session secret, derives the HMAC lookup key, inserts the record, and returns the Set-Cookie header value.

The plaintext session secret leaves this function only inside IssuedSession::set_cookie; it is never stored or logged by codlet.

§Errors

Returns SessionError::Internal if the RNG, hasher, or store fails.

Source

pub async fn validate( &self, cookie_value: &str, ) -> Result<SessionValidationOutcome, SessionError>

Validate a session from the bearer credential in a cookie.

Derives the lookup key from cookie_value, queries the store for an active (unexpired, unrevoked) session, and returns the authentication outcome. Expired and revoked sessions both collapse to Unauthenticated (INV-8).

§Errors

Returns SessionError::Internal only on store/key failure. A missing or invalid session returns Ok(Unauthenticated), not an error.

Source

pub async fn revoke( &self, session_id: &SessionId, ) -> Result<String, SessionError>

Revoke a session (logout or incident response).

Returns the Set-Cookie header value that clears the session cookie from the client.

§Errors

Returns SessionError::Internal on store failure.

Source

pub fn cookie_policy(&self) -> &CookiePolicy

Borrow the cookie policy (e.g. to build the initial Set-Cookie name for extraction on the next request).

Auto Trait Implementations§

§

impl<SS, K, C, A> Freeze for SessionManager<SS, K, C, A>
where SS: Freeze, C: Freeze, A: Freeze, K: Freeze,

§

impl<SS, K, C, A> RefUnwindSafe for SessionManager<SS, K, C, A>
where SS: RefUnwindSafe, C: RefUnwindSafe, A: RefUnwindSafe, K: RefUnwindSafe,

§

impl<SS, K, C, A> Send for SessionManager<SS, K, C, A>
where SS: Send, C: Send, A: Send, K: Send,

§

impl<SS, K, C, A> Sync for SessionManager<SS, K, C, A>
where SS: Sync, C: Sync, A: Sync, K: Sync,

§

impl<SS, K, C, A> Unpin for SessionManager<SS, K, C, A>
where SS: Unpin, C: Unpin, A: Unpin, K: Unpin,

§

impl<SS, K, C, A> UnsafeUnpin for SessionManager<SS, K, C, A>
where SS: UnsafeUnpin, C: UnsafeUnpin, A: UnsafeUnpin, K: UnsafeUnpin,

§

impl<SS, K, C, A> UnwindSafe for SessionManager<SS, K, C, A>
where SS: UnwindSafe, C: UnwindSafe, A: UnwindSafe, K: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.