Safe Haskell | None |
---|---|
Language | Haskell98 |
Internal module exposing the guts of the package. Use at your own risk. No API stability guarantees apply.
- initServerSessionManager :: (Storage sto, SnapSession (SessionData sto)) => IO (State sto) -> SnapletInit b SessionManager
- simpleServerSessionManager :: (Storage sto, SessionData sto ~ SessionMap) => IO sto -> (State sto -> State sto) -> SnapletInit b SessionManager
- class IsSessionData sess => SnapSession sess where
- data ServerSessionManager sto = ServerSessionManager {
- currentSession :: Maybe (SessionData sto, SaveSessionToken sto)
- state :: State sto
- cookieName :: ByteString
- nonceGen :: Generator
- currentSessionMap :: String -> ServerSessionManager sto -> SessionData sto
- modifyCurrentSession :: (SessionData sto -> SessionData sto) -> ServerSessionManager sto -> ServerSessionManager sto
- createCookie :: State sto -> ByteString -> Session sess -> Cookie
- csrfKey :: Text
- forceInvalidate :: ForceInvalidate -> Handler b SessionManager ()
Documentation
initServerSessionManager :: (Storage sto, SnapSession (SessionData sto)) => IO (State sto) -> SnapletInit b SessionManager Source #
Create a new ServerSessionManager using the given State.
simpleServerSessionManager :: (Storage sto, SessionData sto ~ SessionMap) => IO sto -> (State sto -> State sto) -> SnapletInit b SessionManager Source #
Simplified version of initServerSessionManager, sufficient for most needs.
class IsSessionData sess => SnapSession sess where Source #
Class for data types that implement the operations Snap expects sessions to support.
ssInsert :: Text -> Text -> sess -> sess Source #
ssLookup :: Text -> sess -> Maybe Text Source #
ssDelete :: Text -> sess -> sess Source #
ssToList :: sess -> [(Text, Text)] Source #
ssInsertCsrf :: Text -> sess -> sess Source #
ssLookupCsrf :: sess -> Maybe Text Source #
ssForceInvalidate :: ForceInvalidate -> sess -> sess Source #
SnapSession SessionMap Source # | Uses |
data ServerSessionManager sto Source #
An ISessionManager using server-side sessions.
ServerSessionManager | |
|
(Storage sto, SnapSession (SessionData sto)) => ISessionManager (ServerSessionManager sto) Source # | |
currentSessionMap :: String -> ServerSessionManager sto -> SessionData sto Source #
Get the current SessionData from currentSession and unwrap its Just. If it's Nothing, error is called. We expect load to be called before any other ISessionManager method.
modifyCurrentSession :: (SessionData sto -> SessionData sto) -> ServerSessionManager sto -> ServerSessionManager sto Source #
Modify the current session in any way.
createCookie :: State sto -> ByteString -> Session sess -> Cookie Source #
Create a cookie for the given session.
The cookie expiration is set via nextExpires. Note that this is just an optimization, as the expiration is checked on the server-side as well; the server-side check, not the cookie's expiry, is what enforces the session lifetime.
forceInvalidate :: ForceInvalidate -> Handler b SessionManager () Source #
Invalidate the current session ID (and possibly more, check ForceInvalidate). This is useful to avoid session fixation attacks (cf. http://www.acrossecurity.com/papers/session_fixation.pdf).
Note that the invalidation does not occur when the call to this action is made! The sessions will be invalidated when the session is committed. Until then, the current session ID remains in use. This also means that later calls to forceInvalidate on the same handler will override earlier calls.
This function works by setting a session variable that is checked when saving the session. The session variable set by this function is then discarded and is not persisted across requests.