Struct sfo_http::http_server::sessions::SessionMiddleware
pub struct SessionMiddleware<Store> { /* private fields */ }
Middleware to enable sessions.
See sessions for an overview of tide’s approach to sessions.
Example
let mut app = tide::new();

app.with(tide::sessions::SessionMiddleware::new(
    tide::sessions::MemoryStore::new(),
    b"we recommend you use std::env::var(\"TIDE_SECRET\").unwrap().as_bytes() instead of a fixed value"
));

app.with(tide::utils::Before(|mut request: tide::Request<()>| async move {
    let session = request.session_mut();
    let visits: usize = session.get("visits").unwrap_or_default();
    session.insert("visits", visits + 1).unwrap();
    request
}));

app.at("/").get(|req: tide::Request<()>| async move {
    let visits: usize = req.session().get("visits").unwrap();
    Ok(format!("you have visited this website {} times", visits))
});

app.at("/reset")
    .get(|mut req: tide::Request<()>| async move {
        req.session_mut().destroy();
        Ok(tide::Redirect::new("/"))
    });
Implementations
impl<Store> SessionMiddleware<Store> where Store: SessionStore,
pub fn new(store: Store, secret: &[u8]) -> SessionMiddleware<Store>
Creates a new SessionMiddleware with a mandatory cookie
signing secret. The secret MUST be at least 32 bytes long,
and MUST be cryptographically random to be secure. It is
recommended to retrieve this at runtime from the environment
instead of compiling it into your
application.
Panics
SessionMiddleware::new will panic if the secret is fewer than 32 bytes.
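One way to follow the advice above, as an added example that is not code from tide or sfo_http: read the secret at runtime, count decoded key bytes, and return an error instead of reaching the panic. It assumes the operator stores the secret hex-encoded in TIDE_SECRET; `parse_secret`, `secret_from_env` and `SecretError` are hypothetical names.

```rust
use std::env;

/// Minimum key length that SessionMiddleware::new accepts without panicking.
const MIN_SECRET_BYTES: usize = 32;

#[derive(Debug, PartialEq)]
enum SecretError {
    Missing,
    NotHex,
    TooShort(usize),
}

/// Decode a hex-encoded secret (assumed encoding) and enforce the length rule.
/// env::var only yields valid Unicode, so random bytes need a text encoding.
/// Checking after decoding counts key bytes: 32 hex characters would pass a
/// 32-byte check via as_bytes() while carrying only 16 bytes of randomness.
fn parse_secret(raw: &str) -> Result<Vec<u8>, SecretError> {
    let hex = raw.trim().as_bytes();
    if hex.len() % 2 != 0 {
        return Err(SecretError::NotHex);
    }
    let mut key = Vec::with_capacity(hex.len() / 2);
    for pair in hex.chunks(2) {
        let hi = (pair[0] as char).to_digit(16).ok_or(SecretError::NotHex)?;
        let lo = (pair[1] as char).to_digit(16).ok_or(SecretError::NotHex)?;
        key.push((hi * 16 + lo) as u8);
    }
    if key.len() < MIN_SECRET_BYTES {
        return Err(SecretError::TooShort(key.len()));
    }
    Ok(key)
}

/// Read the secret at runtime; `name` would be "TIDE_SECRET" as in the example.
fn secret_from_env(name: &str) -> Result<Vec<u8>, SecretError> {
    let raw = env::var(name).map_err(|_| SecretError::Missing)?;
    parse_secret(&raw)
}

fn main() {
    match secret_from_env("TIDE_SECRET") {
        // Pass `&key` as the second argument of SessionMiddleware::new.
        Ok(key) => println!("loaded {}-byte session secret", key.len()),
        Err(e) => {
            eprintln!("refusing to start: {:?}", e);
            std::process::exit(1);
        }
    }
}
```

A length check cannot tell whether the bytes are random, so the value still has to come from a cryptographically secure generator when it is provisioned.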
Defaults
The defaults for SessionMiddleware are:
- cookie path: “/”
- cookie name: “tide.sid”
- session ttl: one day
- same site: strict
- save unchanged: enabled
Customization
Although the above defaults are appropriate for most applications, they can be overridden. Please be careful changing these settings, as they can weaken your application’s security:
use std::time::Duration;
use tide::http::cookies::SameSite;
use tide::sessions::{MemoryStore, SessionMiddleware};

let mut app = tide::new();
app.with(
    SessionMiddleware::new(MemoryStore::new(), b"please do not hardcode your secret")
        .with_cookie_name("custom.cookie.name")
        .with_cookie_path("/some/path")
        .with_cookie_domain("www.rust-lang.org")
        .with_same_site_policy(SameSite::Lax)
        .with_session_ttl(Some(Duration::from_secs(1)))
        .without_save_unchanged(),
);
Sets a cookie path for this session middleware. The default for this value is “/”.
pub fn with_session_ttl(self, session_ttl: Option<Duration>) -> SessionMiddleware<Store>
Sets a session ttl. This will be used both for the cookie expiry and also for the session-internal expiry.
The default for this value is one day. Set this to None to not set a cookie or session expiry. This is not recommended.
Sets the name of the cookie that the session is stored with or in.
If you are running multiple tide applications on the same domain, you will need different values for each application. The default value is “tide.sid”.
pub fn without_save_unchanged(self) -> SessionMiddleware<Store>
Disables the save_unchanged setting. When save_unchanged
is enabled, a session cookie will always be set. With
save_unchanged disabled, the session data must be modified
from the Default value in order for it to save. If a session
already exists and its data is unmodified in the course of a
request, the session will only be persisted if
save_unchanged is enabled.
pub fn with_same_site_policy(self, policy: SameSite) -> SessionMiddleware<Store>
Sets the same site policy for the session cookie. Defaults to SameSite::Strict. See incrementally better cookies for more information about this setting.
Sets the domain of the cookie.