Skip to main content

Crate modo_session

Crate modo_session 

Source
Expand description

Database-backed HTTP sessions for the modo framework.

Provides cookie-based session management with:

  • ULID session IDs stored in a modo_sessions database table
  • Cryptographically random tokens (32 bytes); only the SHA-256 hash is persisted
  • Server-side fingerprint validation to detect session hijacking
  • Automatic LRU eviction when max_sessions_per_user is exceeded
  • Sliding expiry via periodic touch updates

§Quick start

// In your app entry point:
let session_store = modo_session::SessionStore::new(
    &db,
    modo_session::SessionConfig::default(),
    config.core.cookies.clone(),
);

app.service(session_store.clone())
   .layer(modo_session::layer(session_store))
   .run()
   .await?;

Then inject SessionManager as an extractor in any handler:

async fn login(session: modo_session::SessionManager) -> modo::HandlerResult<()> {
    session.authenticate("user-123").await?;
    Ok(())
}

§Features

  • cleanup-job — registers a cron job (via modo-jobs) that deletes expired sessions every 15 minutes. Requires the modo-jobs crate.

Re-exports§

pub use config::SessionConfig;
pub use manager::SessionManager;
pub use meta::SessionMeta;
pub use middleware::layer;
pub use middleware::user_id_from_extensions;
pub use store::SessionStore;
pub use types::SessionData;
pub use types::SessionId;
pub use types::SessionToken;
pub use chrono;
pub use modo;
pub use modo_db;
pub use serde;
pub use serde_json;

Modules§

config
device
entity
fingerprint
manager
meta
middleware
Tower middleware layer that loads, validates, and persists sessions for every request.
store
types