snap-0.9.2: Top-level package for the Snap Web Framework

Safe HaskellNone




data SessionManager Source

Any Haskell record that is a member of the ISessionManager typeclass can be stuffed inside a SessionManager to enable all session-related functionality.


forall a . ISessionManager a => SessionManager a 

class ISessionManager r whereSource


load :: r -> Snap rSource

Load a session from given payload.

Will always be called before any other operation. If possible, cache and do nothing when called multiple times within the same request cycle.

commit :: r -> Snap ()Source

Commit session, return a possibly updated paylaod

reset :: r -> Snap rSource

Reset session

touch :: r -> rSource

Touch session

insert :: Text -> Text -> r -> rSource

Insert a key-value pair into session

lookup :: Text -> r -> Maybe TextSource

Lookup a key in session

delete :: Text -> r -> rSource

Delete a key in session

csrf :: r -> TextSource

Return a session-specific CSRF protection token. See mkCSRFToken for help in creating the value.

toList :: r -> [(Text, Text)]Source

Return all key-value pairs as an association list


ISessionManager CookieSessionManager 

withSession :: Lens b (Snaplet SessionManager) -> Handler b v a -> Handler b v aSource

Wrap around a handler, committing any changes in the session at the end

commitSession :: Handler b SessionManager ()Source

Commit changes to session within the current request cycle

setInSession :: Text -> Text -> Handler b SessionManager ()Source

Set a key-value pair in the current session

getFromSession :: Text -> Handler b SessionManager (Maybe Text)Source

Get a key from the current session

deleteFromSession :: Text -> Handler b SessionManager ()Source

Remove a key from the current session

csrfToken :: Handler b SessionManager TextSource

Returns a CSRF Token unique to the current session

sessionToList :: Handler b SessionManager [(Text, Text)]Source

Return session contents as an association list

resetSession :: Handler b SessionManager ()Source

Deletes the session cookie, effectively resetting the session

touchSession :: Handler b SessionManager ()Source

Touch the session so the timeout gets refreshed

type SecureCookie t = (UTCTime, t)Source

Arbitrary payload with timestamp.



:: (MonadSnap m, Serialize t) 
=> ByteString

Cookie name

-> Key

Encryption key

-> Maybe Int

Timeout in seconds

-> m (Maybe t) 



:: (MonadSnap m, Serialize t) 
=> ByteString

Cookie name

-> Key

Encryption key

-> Maybe Int

Max age in seconds

-> t

Serializable payload

-> m () 

Inject the payload

checkTimeout :: MonadSnap m => Maybe Int -> UTCTime -> m BoolSource

Validate session against timeout policy.

  • If timeout is set to Nothing, never trigger a time-out.
  • Otherwise, do a regular time-out check based on current time and given timestamp.