Safe Haskell | None |
---|---|
Language | Haskell2010 |
Internal module exposing the guts of the package. Use at your own risk. No API stability guarantees apply.
Synopsis
- withServerSession :: (Functor m, MonadIO m, MonadIO n, Storage sto, SessionData sto ~ SessionMap) => Key (Session m Text ByteString) -> (State sto -> State sto) -> sto -> n Middleware
- sessionStore :: (Functor m, MonadIO m, Storage sto, KeyValue (SessionData sto)) => State sto -> SessionStore m (Key (SessionData sto)) (Value (SessionData sto))
- mkSession :: (Functor m, MonadIO m, KeyValue sess) => IORef sess -> Session m (Key sess) (Value sess)
- class IsSessionData sess => KeyValue sess where
- createCookieTemplate :: State sto -> SetCookie
- calculateMaxAge :: State sto -> Maybe DiffTime
- forceInvalidate :: Session m Text ByteString -> ForceInvalidate -> m ()
Documentation
:: (Functor m, MonadIO m, MonadIO n, Storage sto, SessionData sto ~ SessionMap) | |
=> Key (Session m Text ByteString) |
|
-> (State sto -> State sto) | Set any options on the |
-> sto | Storage backend. |
-> n Middleware |
Construct the wai-session
middleware using the given
storage backend and options. This is a convenient function
that uses withSession
, createState
, sessionStore
,
getCookieName
and createCookieTemplate
.
:: (Functor m, MonadIO m, Storage sto, KeyValue (SessionData sto)) | |
=> State sto |
|
-> SessionStore m (Key (SessionData sto)) (Value (SessionData sto)) |
|
Construct the wai-session
session store using the given
state. Note that keys and values types are fixed.
As wai-session
always requires a value to be provided, we
return an empty ByteString
when the empty session was not
saved.
mkSession :: (Functor m, MonadIO m, KeyValue sess) => IORef sess -> Session m (Key sess) (Value sess) Source #
class IsSessionData sess => KeyValue sess where Source #
Class for session data types that can be used as key-value stores.
Instances
KeyValue SessionMap Source # | |
Defined in Web.ServerSession.Frontend.Wai.Internal type Key SessionMap Source # type Value SessionMap Source # kvLookup :: Key SessionMap -> SessionMap -> Maybe (Value SessionMap) Source # kvInsert :: Key SessionMap -> Value SessionMap -> SessionMap -> SessionMap Source # |
createCookieTemplate :: State sto -> SetCookie Source #
Create a cookie template given a state.
Since we don't have access to the Session
, we can't fill the
Expires
field. Besides, as the template is constant,
eventually the Expires
field would become outdated. This is
a limitation of wai-session
's interface, not a
serversession
limitation. Other frontends support the
Expires
field.
Instead, we fill only the Max-age
field. It works fine for
modern browsers, but many don't support it and will treat the
cookie as non-persistent (notably IE 6, 7 and 8).
calculateMaxAge :: State sto -> Maybe DiffTime Source #
Calculate the Max-age
of a cookie template for the given
state.
- If the state asks for non-persistent sessions, the result
is
Nothing
. - If no timeout is defined, the result is 10 years.
- Otherwise, the max age is set as the maximum timeout.
forceInvalidate :: Session m Text ByteString -> ForceInvalidate -> m () Source #
Invalidate the current session ID (and possibly more, check
ForceInvalidate
). This is useful to avoid session fixation
attacks (cf. http://www.acrossecurity.com/papers/session_fixation.pdf).