Expand description
Signed-cookie sessions for sutegi.
State lives in an HMAC-SHA256-signed cookie — stateless on the server, and
tamper-evident (a modified payload fails verification and is discarded).
The signing primitives are the audited RustCrypto hmac/sha2 crates,
pulled in only when you enable sutegi’s auth feature.
ⓘ
let sessions = Sessions::new(b"a-32+ byte secret from your config");
// in a handler:
let mut s = sessions.load(req);
s.set("user_id", Json::int(42));
sessions.save(&s, json(200, &Json::obj(vec![("ok", Json::Bool(true))])))