Struct trillium_sessions::SessionHandler
pub struct SessionHandler<Store> { /* fields omitted */ }
Handler to enable sessions.
See crate-level docs for an overview of this crate’s approach to sessions and security.
Implementations
Constructs a SessionHandler from the given async_session::SessionStore and secret. The secret MUST be at least 32 bytes long, and MUST be cryptographically random to be secure. It is recommended to retrieve this at runtime from the environment instead of compiling it into your application.
Panics
SessionHandler::new will panic if the secret is fewer than 32 bytes.
Defaults
The defaults for SessionHandler are:
- cookie path: “/”
- cookie name: “trillium.sid”
- session ttl: one day
- same site: strict
- save unchanged: enabled
- older secrets: none
Customization
Although the above defaults are appropriate for most applications, they can be overridden. Please be careful changing these settings, as they can weaken your application’s security:
```rust
use std::time::Duration;
use trillium_cookies::{cookie::SameSite, CookiesHandler};
use trillium_sessions::{MemoryStore, SessionHandler};

// this logic will be unique to your deployment
let secrets_var = std::env::var("TRILLIUM_SESSION_SECRETS").unwrap();
let session_secrets = secrets_var.split(' ').collect::<Vec<_>>();

// the first entry is the current secret; the remaining entries are older secrets
let handler = (
    CookiesHandler::new(),
    SessionHandler::new(MemoryStore::new(), session_secrets[0])
        .with_cookie_name("custom.cookie.name")
        .with_cookie_path("/some/path")
        .with_cookie_domain("trillium.rs")
        .with_same_site_policy(SameSite::Strict)
        .with_session_ttl(Some(Duration::from_secs(1)))
        .with_older_secrets(&session_secrets[1..])
        .without_save_unchanged()
);
```
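A startup check for the secret requirements above, as an added example that is not part of the trillium documentation or code base: it parses the same `TRILLIUM_SESSION_SECRETS` variable used in the example above and rejects missing, short or duplicated entries before they reach `SessionHandler::new`. `parse_session_secrets`, `SessionSecrets` and `SecretError` are hypothetical names, and applying the 32-byte minimum to the older secrets as well is an assumption.

```rust
// Added example: validate session secrets from the environment at startup.
const MIN_SECRET_BYTES: usize = 32; // minimum stated in the docs above

#[derive(Debug, PartialEq)]
pub enum SecretError {
    Missing,                               // variable unset or empty
    TooShort { index: usize, len: usize }, // reports position, never the value
    Duplicate { index: usize },            // same secret listed twice
}

#[derive(Debug, PartialEq)]
pub struct SessionSecrets {
    pub current: String,    // value to pass to SessionHandler::new
    pub older: Vec<String>, // values to pass to with_older_secrets
}

/// Parses a whitespace-separated list whose first entry is the current secret.
pub fn parse_session_secrets(raw: &str) -> Result<SessionSecrets, SecretError> {
    let mut secrets: Vec<String> = Vec::new();
    // split_whitespace (not split(' ')) so a doubled space or a trailing
    // newline cannot produce an empty secret.
    for (index, s) in raw.split_whitespace().enumerate() {
        if s.len() < MIN_SECRET_BYTES {
            return Err(SecretError::TooShort { index, len: s.len() });
        }
        if secrets.iter().any(|seen| seen.as_str() == s) {
            return Err(SecretError::Duplicate { index });
        }
        secrets.push(s.to_string());
    }
    let mut iter = secrets.into_iter();
    let current = iter.next().ok_or(SecretError::Missing)?;
    Ok(SessionSecrets { current, older: iter.collect() })
}

fn main() {
    let raw = std::env::var("TRILLIUM_SESSION_SECRETS").unwrap_or_default();
    match parse_session_secrets(&raw) {
        Ok(s) => println!("1 current secret, {} older", s.older.len()),
        Err(e) => {
            // Fail closed with an error that does not echo secret material.
            eprintln!("refusing to start: {:?}", e);
            std::process::exit(1);
        }
    }
}
```

Length is the only property this check can enforce; the secrets still have to come from a cryptographically secure random source.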
Sets a cookie path for this session handler. The default for this value is “/”.
Sets a session ttl. This will be used both for the cookie expiry and also for the session-internal expiry.
The default for this value is one day. Set this to None to not set a cookie or session expiry. This is not recommended.
Sets the name of the cookie that the session is stored with or in.
If you are running multiple trillium applications on the same domain, you will need different values for each application. The default value is “trillium.sid”.
Disables the save_unchanged setting. When save_unchanged is enabled, a session cookie will always be set. With save_unchanged disabled, the session data must be modified from the Default value in order for it to save. If a session already exists and its data is unmodified in the course of a request, the session will only be persisted if save_unchanged is enabled.
Sets the same site policy for the session cookie. Defaults to SameSite::Strict. See incrementally better cookies for more information about this setting.
Sets the domain of the cookie.
Trait Implementations
Executes this handler, performing any modifications to the Conn that are desired.
Performs any final modifications to this conn after all handlers have been run. Although this is a slight deviation from the simple conn->conn->conn chain represented by most Handlers, it provides an easy way for libraries to effectively inject a second handler into a response chain. This is useful for loggers that need to record information both before and after other handlers have run, as well as database transaction handlers and similar library code.
Performs one-time async set up on a mutable borrow of the Handler before the server starts accepting requests. This allows a Handler to be defined in synchronous code but perform async setup such as establishing a database connection or fetching some state from an external source. This is optional, and chances are high that you do not need this.
Predicate function answering the question of whether this Handler would like to take ownership of the negotiated Upgrade. If this returns true, you must implement Handler::upgrade. The first handler that responds true to this will receive ownership of the trillium::Upgrade in a subsequent call to Handler::upgrade.
This will only be called if the handler responds true to Handler::has_upgrade and will only be called once for this upgrade. There is no return value, and this function takes exclusive ownership of the underlying transport once this is called. You can downcast the transport to whatever the source transport type is and perform any non-http protocol communication that has been negotiated. You probably don’t want this unless you’re implementing something like websockets. Please note that for many transports such as TcpStreams, dropping the transport (and therefore the Upgrade) will hang up / disconnect.
Auto Trait Implementations
impl<Store> RefUnwindSafe for SessionHandler<Store> where
Store: RefUnwindSafe,
impl<Store> Send for SessionHandler<Store> where
Store: Send,
impl<Store> Sync for SessionHandler<Store> where
Store: Sync,
impl<Store> Unpin for SessionHandler<Store> where
Store: Unpin,
impl<Store> UnwindSafe for SessionHandler<Store> where
Store: UnwindSafe,