serversession-frontend-wai-1.0: wai-session bindings for serversession.

Safe Haskell: None
Language: Haskell98

Web.ServerSession.Frontend.Wai.Internal

Description

Internal module exposing the guts of the package. Use at your own risk. No API stability guarantees apply.

Documentation

withServerSession

Arguments

:: (Functor m, MonadIO m, MonadIO n, Storage sto, SessionData sto ~ SessionMap) 
=> Key (Session m Text ByteString)

Vault key to use when passing the session through.

-> (State sto -> State sto)

Set any options on the serversession state.

-> sto

Storage backend.

-> n Middleware 

Construct the wai-session middleware using the given storage backend and options. This is a convenience function that uses withSession, createState, sessionStore, getCookieName and createCookieTemplate.

sessionStore

Arguments

:: (Functor m, MonadIO m, Storage sto, KeyValue (SessionData sto)) 
=> State sto

serversession state, including the storage backend.

-> SessionStore m (Key (SessionData sto)) (Value (SessionData sto))

wai-session session store.

Construct the wai-session session store using the given state. Note that the key and value types are fixed.

As wai-session always requires a value to be provided, we return an empty ByteString when the empty session was not saved.

mkSession :: (Functor m, MonadIO m, KeyValue sess) => IORef sess -> Session m (Key sess) (Value sess)

Build a Session from an IORef containing the session data.

class IsSessionData sess => KeyValue sess where

Class for session data types that can be used as key-value stores.

Associated Types

type Key sess :: *

type Value sess :: *

Methods

kvLookup :: Key sess -> sess -> Maybe (Value sess)

kvInsert :: Key sess -> Value sess -> sess -> sess

createCookieTemplate :: State sto -> SetCookie

Create a cookie template given a state.

Since we don't have access to the Session, we can't fill the Expires field. Besides, as the template is constant, eventually the Expires field would become outdated. This is a limitation of wai-session's interface, not a serversession limitation. Other frontends support the Expires field.

Instead, we fill only the Max-age field. It works fine for modern browsers, but many older browsers don't support it and will treat the cookie as non-persistent (notably IE 6, 7 and 8).

calculateMaxAge :: State sto -> Maybe DiffTime

Calculate the Max-age of a cookie template for the given state.

  • If the state asks for non-persistent sessions, the result is Nothing.
  • If no timeout is defined, the result is 10 years.
  • Otherwise, the max age is set as the maximum timeout.

forceInvalidate :: Session m Text ByteString -> ForceInvalidate -> m ()

Invalidate the current session ID (and possibly more, check ForceInvalidate). This is useful to avoid session fixation attacks (cf. http://www.acrossecurity.com/papers/session_fixation.pdf).
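
The session-fixation defence described for forceInvalidate, wired through withServerSession, as an added example that is not part of the serversession documentation or code. The module name SessionDemo, the functions mkApp and routes, the route names and the user id are hypothetical; the storage backend is left as a parameter, and the auth key "_ID" is assumed to be the serversession default (it was not changed with setAuthKey).

```haskell
{-# LANGUAGE OverloadedStrings, TypeFamilies #-}
-- Added example, not serversession's own code. SessionDemo, mkApp, routes and
-- the route names are hypothetical; the user id is a constructed sample value.
module SessionDemo (mkApp) where

import           Data.ByteString                (ByteString)
import           Data.Text                      (Text)
import qualified Data.Vault.Lazy                as Vault
import           Network.HTTP.Types             (status200, status401, status500)
import           Network.Wai                    (Application, pathInfo, responseLBS, vault)
import           Network.Wai.Session            (Session)
import           Web.ServerSession.Core         (ForceInvalidate (..), SessionMap, Storage (..),
                                                 setHttpOnlyCookies, setIdleTimeout, setSecureCookies)
import           Web.ServerSession.Frontend.Wai (forceInvalidate, withServerSession)

-- | Wrap the routes in the serversession middleware. The storage backend is a
-- parameter, so any backend whose session data is a SessionMap can be used.
mkApp :: (Storage sto, SessionData sto ~ SessionMap) => sto -> IO Application
mkApp sto = do
  key <- Vault.newKey
  mw  <- withServerSession key opts sto
  return (mw (routes key))
  where
    -- Secure + HttpOnly cookie, 30-minute idle timeout (value is in seconds).
    opts = setSecureCookies True . setHttpOnlyCookies True . setIdleTimeout (Just 1800)

routes :: Vault.Key (Session IO Text ByteString) -> Application
routes key req respond =
  case Vault.lookup key (vault req) of
    Nothing -> respond (responseLBS status500 [] "session middleware not installed")
    Just session@(sessLookup, sessInsert) ->
      case pathInfo req of
        ["login"] -> do
          -- Credential check omitted. Rotate the session ID in the same request
          -- that authenticates the session, so a pre-login ID stops being valid.
          forceInvalidate session CurrentSessionId
          sessInsert "_ID" "constructed-user-42"  -- "_ID": default auth key (assumed unchanged)
          respond (responseLBS status200 [] "logged in")
        ["password-changed"] -> do
          -- Also invalidate every other session ID of the logged-in user.
          forceInvalidate session AllSessionIdsOfLoggedUser
          respond (responseLBS status200 [] "other sessions invalidated")
        _ -> do
          who <- sessLookup "_ID"
          respond $ case who of
            Nothing -> responseLBS status401 [] "anonymous"
            Just _  -> responseLBS status200 [] "authenticated"
```

The invalidation takes effect when the middleware saves the session at the end of the request, so the order of forceInvalidate and the insert inside a handler does not matter.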