serversession-frontend-wai-1.0.1: wai-session bindings for serversession.
Safe Haskell: None
Language: Haskell2010

Web.ServerSession.Frontend.Wai.Internal

Description

Internal module exposing the guts of the package. Use at your own risk. No API stability guarantees apply.

Documentation

withServerSession

Arguments

:: (Functor m, MonadIO m, MonadIO n, Storage sto, SessionData sto ~ SessionMap)
=> Key (Session m Text ByteString)   -- Vault key to use when passing the session through.
-> (State sto -> State sto)          -- Set any options on the serversession state.
-> sto                               -- Storage backend.
-> n Middleware

Construct the wai-session middleware using the given storage backend and options. This is a convenience function that uses withSession, createState, sessionStore, getCookieName and createCookieTemplate.

sessionStore

Arguments

:: (Functor m, MonadIO m, Storage sto, KeyValue (SessionData sto))
=> State sto                                                         -- serversession state, incl. storage backend.
-> SessionStore m (Key (SessionData sto)) (Value (SessionData sto))  -- wai-session session store.

Construct the wai-session session store using the given state. Note that the key and value types are fixed.

As wai-session always requires a value to be provided, we return an empty ByteString when the empty session was not saved.

mkSession :: (Functor m, MonadIO m, KeyValue sess) => IORef sess -> Session m (Key sess) (Value sess)

Build a Session from an IORef containing the session data.

class IsSessionData sess => KeyValue sess where

Class for session data types that can be used as key-value stores.

Associated Types

type Key sess :: Type

type Value sess :: Type

Methods

kvLookup :: Key sess -> sess -> Maybe (Value sess)

kvInsert :: Key sess -> Value sess -> sess -> sess

createCookieTemplate :: State sto -> SetCookie

Create a cookie template given a state.

Since we don't have access to the Session, we can't fill the Expires field. Besides, as the template is constant, eventually the Expires field would become outdated. This is a limitation of wai-session's interface, not a serversession limitation. Other frontends support the Expires field.

Instead, we fill only the Max-age field. It works fine for modern browsers, but many older ones don't support it and will treat the cookie as non-persistent (notably IE 6, 7 and 8).

calculateMaxAge :: State sto -> Maybe DiffTime

Calculate the Max-age of a cookie template for the given state.

  • If the state asks for non-persistent sessions, the result is Nothing.
  • If no timeout is defined, the result is 10 years.
  • Otherwise, the max age is set as the maximum timeout.

forceInvalidate :: Session m Text ByteString -> ForceInvalidate -> m ()

Invalidate the current session ID (and possibly more, check ForceInvalidate). This is useful to avoid session fixation attacks (cf. http://www.acrossecurity.com/papers/session_fixation.pdf).
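
The following is an added example, not code from the serversession packages, showing forceInvalidate called from WAI handlers at the two points where a session ID should be rotated: login and credential change. It assumes the middleware was built with withServerSession using the same vault key, that the state keeps serversession's default auth key "_ID", and that the caller supplies the hypothetical authenticate function; loginApp, revokeAllApp and withVaultSession are names made up for the example.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module SessionRotation (loginApp, revokeAllApp) where

import Data.ByteString (ByteString)
import Data.Text (Text)
import qualified Data.Vault.Lazy as Vault
import Network.HTTP.Types (status200, status401, status500)
import Network.Wai (Application, Request, Response, responseLBS, vault)
import Network.Wai.Session (Session)
import Web.ServerSession.Core (ForceInvalidate (..))
import Web.ServerSession.Frontend.Wai.Internal (forceInvalidate)

type SessionKey = Vault.Key (Session IO Text ByteString)

-- Assumption: the state keeps serversession's default auth key, "_ID".
authKey :: Text
authKey = "_ID"

-- Run an action with the session that withServerSession stored in the vault.
withVaultSession :: SessionKey -> Request -> (Session IO Text ByteString -> IO Response) -> IO Response
withVaultSession key req act =
  maybe (pure (responseLBS status500 [] "session middleware missing")) act
        (Vault.lookup key (vault req))

-- Login: 'authenticate' (hypothetical, supplied by the caller) returns the
-- user's auth ID on success. The pre-login session ID is invalidated so that
-- an ID fixed before login is never the one that becomes authenticated.
loginApp :: SessionKey -> (Request -> IO (Maybe ByteString)) -> Application
loginApp key authenticate req respond = respond =<< withVaultSession key req handler
  where
    handler session@(_, insert) = do
      result <- authenticate req
      case result of
        Nothing -> pure (responseLBS status401 [] "bad credentials")
        Just uid -> do
          forceInvalidate session CurrentSessionId
          insert authKey uid
          pure (responseLBS status200 [] "logged in")

-- Credential change: invalidate every session ID of the logged-in user, not
-- only the one attached to this request.
revokeAllApp :: SessionKey -> Application
revokeAllApp key req respond = respond =<< withVaultSession key req handler
  where
    handler session = do
      forceInvalidate session AllSessionIdsOfLoggedUser
      pure (responseLBS status200 [] "all sessions revoked")
```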