wai-extra-0.0.0.2: Provides some basic WAI handlers and middleware.
Network.Wai.Middleware.ClientSession
Synopsis
clientsession :: [ByteString] -> Word256 -> Int -> ([(ByteString, ByteString)] -> Application) -> Request -> IO Response
type Word256 = LargeKey Word64 Word192
defaultKeyFile :: String
getKey :: FilePath -> IO Word256
getDefaultKey :: IO Word256
Documentation
clientsession
  :: [ByteString]                                    -- list of cookies to intercept
  -> Word256                                         -- encryption key
  -> Int                                             -- minutes to live
  -> ([(ByteString, ByteString)] -> Application)
  -> Request
  -> IO Response

Automatic encrypting and decrypting of client session data.

Using the clientsession package, this middleware handles automatic encryption, decryption, checking, expiration and renewal of whichever cookies you ask it to. For example, if you tell it to deal with the cookie "IDENTIFIER", it will do the following:

  • When you specify an "IDENTIFIER" value in your Response, it will encrypt the value, along with the session expiration date and the REMOTE_HOST of the user. It will then be set as a cookie on the client.
  • When there is an incoming "IDENTIFIER" cookie from the user, it will decrypt it and check both the expiration date and the REMOTE_HOST. If everything matches up, it will set the "IDENTIFIER" value in hackHeaders.
  • If the client sent an "IDENTIFIER" and the application does not set a new value, this will reset the cookie to a new expiration date. This way, you do not have sessions timing out every 20 minutes.

As far as security: clientsession itself handles hashing and encrypting the data to make sure that the user can neither see nor tamper with it.
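The cookie lifecycle described above (bind the value to an expiry time and the REMOTE_HOST, check both on return, renew on every request) can be modelled in a few lines. This is an added example, not code from wai-extra or clientsession: the names `seal`, `unseal` and `handle` and the JSON layout are assumptions, and it only authenticates the cookie with HMAC-SHA256 from the Python standard library, so unlike clientsession it does not hide the value from the user.

```python
import base64
import hashlib
import hmac
import json


def seal(key, value, remote_host, now, ttl_minutes=20):
    """Bind value to an expiry time and the client's host, then MAC the lot."""
    body = json.dumps(
        {"v": value, "exp": now + ttl_minutes * 60, "host": remote_host}
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()


def unseal(key, cookie, remote_host, now):
    """Return the stored value, or None if forged, expired or from another host."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except ValueError:  # malformed base64
        return None
    tag, body = raw[:32], raw[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    fields = json.loads(body)  # parsed only after the MAC has verified
    if now >= fields["exp"] or fields["host"] != remote_host:
        return None
    return fields["v"]


def handle(key, cookie, remote_host, now, new_value=None):
    """One request: (value handed to the app, cookie to set or None)."""
    current = unseal(key, cookie, remote_host, now) if cookie else None
    keep = new_value if new_value is not None else current
    fresh = seal(key, keep, remote_host, now) if keep is not None else None
    return current, fresh  # re-sealing an unchanged value slides the expiry


if __name__ == "__main__":
    key = bytes(range(32))  # constructed 256-bit demo key, not a real secret
    t0 = 1_000_000  # constructed clock, in seconds
    _, c = handle(key, None, "10.0.0.5", t0, new_value="alice")
    print(unseal(key, c, "10.0.0.5", t0 + 60))       # same host, in time
    print(unseal(key, c, "10.0.0.9", t0 + 60))       # different host
    print(unseal(key, c, "10.0.0.5", t0 + 21 * 60))  # past 20 minutes
```

Because the host and expiry are covered by the MAC, a cookie copied to another client or replayed after its lifetime is rejected without any server-side session store.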

Generating keys
type Word256 = LargeKey Word64 Word192

defaultKeyFile :: String
The default key file.

getKey
  :: FilePath     -- File name where key is stored.
  -> IO Word256   -- The actual 256-bit key.
Get a 256-bit key from the given text file. If the file does not exist, or did not contain enough bits, a random key will be generated and stored in that file.

getDefaultKey :: IO Word256
Simply calls getKey "client_session_key.aes"
Produced by Haddock version 2.6.1