Struct SessionStore 

pub struct SessionStore { /* private fields */ }

Encrypts/decrypts session payloads with a per-store AEAD key.

Supports key rotation: encode always uses the primary key, while decode tries the primary first, then each retired fallback in order. This lets a deployment rotate JERRYCAN_SECRET without invalidating sessions/tokens minted under the previous key — the old key is moved to fallbacks until it is fully retired (dropped from the list), at which point its ciphertexts stop decrypting.

Implementations

impl SessionStore

pub fn new(key: &[u8; 32]) -> Self

Single-key store (no rotation). Equivalent to with_keys(key, &[]).

pub fn with_keys(primary: &[u8; 32], fallbacks: &[[u8; 32]]) -> Self

Rotation-aware store: encode uses primary; decode tries primary then each entry of fallbacks in order. The first key that authenticates the ciphertext wins.

pub fn encode<T: Serialize>(&self, value: &T) -> Result<String>

Serialize + encrypt to a base64url token (no padding).

pub fn decode<T: DeserializeOwned>(&self, token: &str) -> Result<T>

Decrypt + deserialize. Tries the primary key, then each rotation fallback in order; the first key that authenticates wins. Any failure (bad base64, short input, AEAD rejection under every key, JSON shape) is JC0401 — an untrusted client value.

pub fn set_cookie<T: Serialize>(&self, value: &T) -> Result<String>

A Set-Cookie header value establishing the session (secure defaults).

pub fn clear_cookie(&self) -> String

A Set-Cookie header value clearing the session.

pub fn read_cookie(&self, cookie_header: &str) -> Option<String>

Extract the session cookie value from a Cookie request header. Public so sibling crates (and the fuzz-smoke suite) can exercise the parser.

Trait Implementations

impl Clone for SessionStore

fn clone(&self) -> SessionStore

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.