serversession-frontend-snap-1.0: Snap bindings for serversession.

Safe Haskell: None
Language: Haskell98

Web.ServerSession.Frontend.Snap.Internal

Description

Internal module exposing the guts of the package. Use at your own risk. No API stability guarantees apply.

Documentation

simpleServerSessionManager :: (Storage sto, SessionData sto ~ SessionMap) => IO sto -> (State sto -> State sto) -> SnapletInit b SessionManager

Simplified version of initServerSessionManager, sufficient for most needs.

class IsSessionData sess => SnapSession sess where

Class for data types that implement the operations Snap expects sessions to support.

Methods

ssInsert :: Text -> Text -> sess -> sess

ssLookup :: Text -> sess -> Maybe Text

ssDelete :: Text -> sess -> sess

ssToList :: sess -> [(Text, Text)]

ssInsertCsrf :: Text -> sess -> sess

ssLookupCsrf :: sess -> Maybe Text

ssForceInvalidate :: ForceInvalidate -> sess -> sess

data ServerSessionManager sto

An ISessionManager using server-side sessions.

Constructors

ServerSessionManager 

Fields

currentSession :: Maybe (SessionData sto, SaveSessionToken sto)

Field used for per-request caching of the session.

state :: State sto

The core serversession state.

cookieName :: ByteString

Cache of the cookie name as a ByteString.

nonceGen :: Generator

Nonce generator for the CSRF token.

currentSessionMap :: String -> ServerSessionManager sto -> SessionData sto

Get the current SessionData from currentSession and unwrap its Just. If it's Nothing, error is called. We expect load to be called before any other ISessionManager method.

modifyCurrentSession :: (SessionData sto -> SessionData sto) -> ServerSessionManager sto -> ServerSessionManager sto

Modify the current session in any way.

createCookie :: State sto -> ByteString -> Session sess -> Cookie

Create a cookie for the given session.

The cookie expiration is set via nextExpires. Note that this is just an optimization, as the expiration is checked on the server side as well.

csrfKey :: Text

The CSRF key is kept as a session variable like any other under this key.

forceInvalidate :: ForceInvalidate -> Handler b SessionManager ()

Invalidate the current session ID (and possibly more, check ForceInvalidate). This is useful to avoid session fixation attacks (cf. http://www.acrossecurity.com/papers/session_fixation.pdf).

Note that the invalidation does not occur when the call to this action is made! The sessions will be invalidated when the session is committed. This means that later calls to forceInvalidate on the same handler will override earlier calls.

This function works by setting a session variable that is checked when saving the session. The session variable set by this function is then discarded and is not persisted across requests.
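
A pure model of the deferred invalidation described above, as an added example that is not serversession's own code. `Force`, `Store`, `save` and the key name are hypothetical, and a session is simplified to a map of strings with `Int` ids.

```haskell
-- Added model, not serversession's code: Force, Store, save and forceKey are
-- hypothetical. Ids are Ints only to keep the model small; real session ids
-- must be unpredictable.
import qualified Data.Map.Strict as M

data Force = KeepId | RotateId deriving (Show, Read, Eq)

type Vars = M.Map String String

-- Constructed key name for the marker variable.
forceKey :: String
forceKey = "model-force-invalidate"

-- What a handler calls: it only records the request among the session
-- variables, so a later call replaces an earlier one.
forceInvalidate :: Force -> Vars -> Vars
forceInvalidate f = M.insert forceKey (show f)

-- Server-side storage: next free session id, and id -> persisted variables.
data Store = Store Int (M.Map Int Vars) deriving Show

-- Commit step: read the marker, drop it so it is never persisted, and move
-- the data to a fresh id (deleting the old one) if rotation was requested.
save :: Int -> Vars -> Store -> (Int, Store)
save sid vars (Store next ss) =
  case maybe KeepId read (M.lookup forceKey vars) of
    KeepId   -> (sid, Store next (M.insert sid clean ss))
    RotateId -> (next, Store (next + 1) (M.insert next clean (M.delete sid ss)))
  where
    clean = M.delete forceKey vars

main :: IO ()
main = do
  let preLogin = M.fromList [("cart", "3")]
      store0   = Store 2 (M.fromList [(1, preLogin)])
      -- Login handler: mark the user and ask for a new session id.
      loggedIn = forceInvalidate RotateId (M.insert "user" "alice" preLogin)
  -- Until the commit, id 1 is still the only valid session.
  print store0
  -- At commit, id 1 is gone and the data lives under a fresh id.
  print (save 1 loggedIn store0)
  -- A later call in the same handler overrides the rotation: id 1 survives.
  print (save 1 (forceInvalidate KeepId loggedIn) store0)
```

The last case is the one to check for in review: any code that runs after a login handler and sets the marker again determines what happens at commit.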