Trait SessionAuthExt 

pub trait SessionAuthExt {
    // Required methods
    fn login<V>(
        &mut self,
        store: &SessionStoreRef,
        user_id: V,
    ) -> Result<(), Error>
    where V: Serialize + Send + Sync;
    fn logout(&mut self, store: &SessionStoreRef);
}
Available on crate feature sessions and crate feature middleware and native only.

Login/logout helpers for SessionData.

Both methods perform the session-fixation prevention rotation that is a required step on authentication state transitions: each call regenerates the session id, removes the old store entry referenced by the previous id, and persists the updated SessionData under the new id.

The trait is provided as an extension so existing call sites can opt in by adding a single use and replacing their inline blocks; the implementation lives in reinhardt-middleware because that is the crate that owns SessionData and SessionStoreRef. BaseUser is deliberately not a bound on login — taking impl Serialize keeps the helper usable with any primary-key shape (i64, Uuid, a tenant composite key, …) and avoids the otherwise-circular auth ↔ middleware coupling.

Usage

use reinhardt::middleware::session::{
    SessionAuthExt, SessionData, SessionStoreRef,
};

#[server_fn]
pub async fn login(
    username: String,
    password: String,
    #[inject] mut session: SessionData,
    #[inject] store: SessionStoreRef,
) -> Result<(), ServerFnError> {
    // … authenticate `user` …
    session.login(&store, user.id())
        .map_err(|e| ServerFnError::application(e.to_string()))?;
    Ok(())
}

Required Methods

fn login<V>(&mut self, store: &SessionStoreRef, user_id: V) -> Result<(), Error>
where V: Serialize + Send + Sync,

Mark the current session as authenticated for user_id.

Equivalent to the inline sequence:

let old_id = self.regenerate_id();
self.set(USER_ID_SESSION_KEY.to_string(), user_id)?;
store.inner().delete(&old_id);
store.inner().save(self.clone());

Returns a reinhardt_http::Result so the serialisation failure inside SessionData::set propagates with the same error type as the rest of the session API.

fn logout(&mut self, store: &SessionStoreRef)

Clear the authenticated-user reference from the current session.

Rotates the session id, removes the old store entry, drops the user-id key from the session map (without clearing any other keys callers may have written), and persists the rotated session. Callers who want to drop all session state should call SessionData::clear before invoking this helper.
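The rotation that both helpers perform, modelled with an in-memory map as an added example (this is not reinhardt's implementation). `Session`, `Store`, the `_user_id` key name and the counter-based ids are assumptions made for the demo; it shows that the pre-login id stops resolving once login rotates it, and that logout removes only the user reference.

```rust
use std::collections::HashMap;
const USER_ID_KEY: &str = "_user_id"; // hypothetical key name for this model

#[derive(Clone, Default)]
struct Session { id: String, data: HashMap<String, String> }
#[derive(Default)]
struct Store { entries: HashMap<String, Session>, counter: u64 }

impl Store {
    // Constructed ids for the demo; a real store must draw ids from a CSPRNG.
    fn fresh_id(&mut self) -> String { self.counter += 1; format!("sid-{}", self.counter) }
    fn new_session(&mut self) -> Session {
        let s = Session { id: self.fresh_id(), data: HashMap::new() };
        self.entries.insert(s.id.clone(), s.clone());
        s
    }
    // Rotation shared by login and logout: new id, old entry deleted, session saved.
    fn rotate(&mut self, s: &mut Session) {
        let old = std::mem::replace(&mut s.id, self.fresh_id());
        self.entries.remove(&old);
        self.entries.insert(s.id.clone(), s.clone());
    }
    fn login(&mut self, s: &mut Session, user_id: &str) {
        s.data.insert(USER_ID_KEY.into(), user_id.into());
        self.rotate(s);
    }
    fn logout(&mut self, s: &mut Session) {
        s.data.remove(USER_ID_KEY); // only the user reference; other keys stay
        self.rotate(s);
    }
    fn user_for(&self, sid: &str) -> Option<String> {
        self.entries.get(sid)?.data.get(USER_ID_KEY).cloned()
    }
}

// Users resolved by (pre-login id, post-login id, post-logout id),
// plus whether an unrelated key survived logout.
fn walkthrough() -> (Option<String>, Option<String>, Option<String>, bool) {
    let mut store = Store::default();
    let mut s = store.new_session();
    let planted = s.id.clone(); // id issued before authentication
    s.data.insert("theme".into(), "dark".into());
    store.login(&mut s, "42");
    let (before, after) = (store.user_for(&planted), store.user_for(&s.id));
    store.logout(&mut s);
    let kept = store.entries[&s.id].data.contains_key("theme");
    (before, after, store.user_for(&s.id), kept)
}

fn main() { println!("{:?}", walkthrough()); }
```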

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors