Crate tower_sessions_cookie_store

Cookie-backed session persistence for tower-sessions.

This crate provides a layer that inserts tower_sessions_core::Session into request extensions and persists the session record into a cookie.

§Security

The default format is a signed cookie (signed feature).

The dangerous-plaintext feature enables a plaintext cookie controller. This offers no tamper resistance and should only be used for testing and debugging. Never enable or use this in a real application: a client can trivially edit the cookie to escalate privileges and impersonate other users (including staff/admin).

§Example (Axum, signed cookies)

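use axum::{routing::get, Router};
use tower_sessions_cookie_store::{CookieSessionConfig, CookieSessionManagerLayer, Key, Session};

// Per-visitor counter kept in the session record, which travels in the signed cookie.
async fn handler(session: Session) -> String {
    let n: usize = session.get("n").await.expect("session get succeeds").unwrap_or(0);
    session.insert("n", n + 1).await.expect("session insert succeeds");
    format!("n={n}")
}

fn app() -> Router {
    // Key::generate() creates a fresh random key on every call, so cookies
    // signed by an earlier process no longer verify after a restart.
    let key = Key::generate();
    // with_secure(false) turns off the cookie's Secure attribute so the example
    // works over plain HTTP; use with_secure(true) when serving over HTTPS.
    let config = CookieSessionConfig::default().with_secure(false);
    Router::<()>::new()
        .route("/", get(handler))
        .layer(CookieSessionManagerLayer::signed(key).with_config(config))
}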

Re-exports§

pub use crate::format::decode_record;
pub use crate::format::encode_record;
pub use crate::layer::CookieSessionManagerLayer;

Modules§

format
Helpers for encoding/decoding the cookie session payload format.
layer
Tower layer and service for cookie-backed sessions.
session_store
A session backend for managing session state.

Structs§

CookieSessionConfig
Configuration for cookie-backed sessions.
DangerousPlaintextCookie
A controller that stores session state in plaintext cookies.
Key
A cryptographic master key for use with Signed and/or Private jars.
PrivateCookie
A controller that stores session state in private (encrypted + authenticated) cookies.
Session
A session which allows HTTP applications to associate key-value pairs with visitors.
SignedCookie
A controller that stores session state in signed cookies.

Enums§

Expiry
Session expiry configuration.
SameSite
The SameSite cookie attribute.

Constants§

DEFAULT_COOKIE_NAME
Default cookie name used when none is configured.

Traits§

CookieController
Reads/writes/removes a session cookie from a Cookies jar.