pub struct SessionStore { /* private fields */ }Expand description
A session store. In-memory by default; optionally backed by a
persistent SessionBackend.
The in-memory map is always authoritative — reads don’t touch the
backend. The backend receives every save/remove, making it a
write-through cache. On construction via SessionStore::with_backend,
the store hydrates from the backend so sessions survive restart.
Implementations§
Source§impl SessionStore
impl SessionStore
pub fn new() -> Self
Sourcepub fn with_lifetime(self, lifetime_secs: u64) -> Self
pub fn with_lifetime(self, lifetime_secs: u64) -> Self
Override the default session lifetime. Used by pylon-runtime’s
server bootstrap to apply the manifest’s auth.session.expires_in.
Sourcepub fn with_backend(backend: Box<dyn SessionBackend>) -> Self
pub fn with_backend(backend: Box<dyn SessionBackend>) -> Self
Build a session store backed by a persistent store. Existing sessions are loaded from the backend on construction; every future mutation writes through.
Sourcepub fn create(&self, user_id: String) -> Session
pub fn create(&self, user_id: String) -> Session
Create a session for a user and return it. Uses the store’s
configured default_lifetime_secs (from the manifest’s
auth.session.expires_in, default 30 days).
Sourcepub fn get(&self, token: &str) -> Option<Session>
pub fn get(&self, token: &str) -> Option<Session>
Look up a session by token. Returns None if the session is expired.
Sourcepub fn resolve(&self, token: Option<&str>) -> AuthContext
pub fn resolve(&self, token: Option<&str>) -> AuthContext
Resolve a token to an auth context. Returns anonymous context if the token is invalid, missing, or expired.
Sourcepub fn refresh(&self, old_token: &str) -> Option<Session>
pub fn refresh(&self, old_token: &str) -> Option<Session>
Refresh a session — issues a new token, copies user/device, extends expiry. The old token is revoked. Returns the new session or None if the old token is missing/expired.
Sourcepub fn list_all_unfiltered(&self) -> Vec<Session>
pub fn list_all_unfiltered(&self) -> Vec<Session>
Every session in the store, including expired ones, with no
filtering. Powers the Studio “Auth tables” view so operators
can see orphaned sessions / debug stuck logins. Don’t use for
app code — list_for_user is the right surface there.
Sourcepub fn list_for_user(&self, user_id: &str) -> Vec<Session>
pub fn list_for_user(&self, user_id: &str) -> Vec<Session>
List all active sessions for a user.
Sourcepub fn revoke_all_for_user(&self, user_id: &str) -> usize
pub fn revoke_all_for_user(&self, user_id: &str) -> usize
Revoke all sessions for a user. Returns the count removed.
Sourcepub fn sweep_expired(&self) -> usize
pub fn sweep_expired(&self) -> usize
Sweep expired sessions. Returns the count removed.
Sourcepub fn set_device(&self, token: &str, device: String) -> bool
pub fn set_device(&self, token: &str, device: String) -> bool
Attach a device label to a session (typically on login from a browser).
Sourcepub fn create_guest(&self) -> Session
pub fn create_guest(&self) -> Session
Create a guest session with a generated anonymous ID.
Sourcepub fn upgrade(&self, token: &str, real_user_id: String) -> bool
pub fn upgrade(&self, token: &str, real_user_id: String) -> bool
Upgrade a guest session to a real user. Replaces the user_id.
Sourcepub fn set_tenant(&self, token: &str, tenant_id: Option<String>) -> bool
pub fn set_tenant(&self, token: &str, tenant_id: Option<String>) -> bool
Switch the session’s active tenant (organization). None clears it.
Callers should verify the user actually has membership in the target
tenant BEFORE invoking this — the session store takes the value on
trust. Returns true if the session exists, false otherwise.