serversession-frontend-wai-1.0: wai-session bindings for serversession.

Safe Haskell: None
Language: Haskell98

Web.ServerSession.Frontend.Wai.Internal

Description

Internal module exposing the guts of the package. Use at your own risk. No API stability guarantees apply.

Documentation

withServerSession

Arguments

:: (Functor m, MonadIO m, MonadIO n, Storage sto, SessionData sto ~ SessionMap) 
=> Key (Session m Text ByteString)

Vault key to use when passing the session through.

-> (State sto -> State sto)

Set any options on the serversession state.

-> sto

Storage backend.

-> n Middleware 

Construct the wai-session middleware using the given storage backend and options. This is a convenience function that uses withSession, createState, sessionStore, getCookieName and createCookieTemplate.

sessionStore

Arguments

:: (Functor m, MonadIO m, Storage sto, KeyValue (SessionData sto)) 
=> State sto

serversession state, including the storage backend.

-> SessionStore m (Key (SessionData sto)) (Value (SessionData sto))

wai-session session store.

Construct the wai-session session store using the given state. Note that the key and value types are fixed.

As wai-session always requires a value to be provided, we return an empty ByteString when the empty session was not saved.

mkSession :: (Functor m, MonadIO m, KeyValue sess) => IORef sess -> Session m (Key sess) (Value sess)

Build a Session from an IORef containing the session data.

class IsSessionData sess => KeyValue sess where

Class for session data types that can be used as key-value stores.

Minimal complete definition

kvLookup, kvInsert

Associated Types

type Key sess :: *

type Value sess :: *

Methods

kvLookup :: Key sess -> sess -> Maybe (Value sess)

kvInsert :: Key sess -> Value sess -> sess -> sess

createCookieTemplate :: State sto -> SetCookie

Create a cookie template given a state.

Since we don't have access to the Session, we can't fill the Expires field. Besides, as the template is constant, eventually the Expires field would become outdated. This is a limitation of wai-session's interface, not a serversession limitation. Other frontends support the Expires field.

Instead, we fill only the Max-age field. This works fine for modern browsers, but many older browsers don't support it and will treat the cookie as non-persistent (notably IE 6, 7 and 8).

calculateMaxAge :: State sto -> Maybe DiffTime

Calculate the Max-age of a cookie template for the given state.

  • If the state asks for non-persistent sessions, the result is Nothing.
  • If no timeout is defined, the result is 10 years.
  • Otherwise, the max age is set to the maximum timeout.

forceInvalidate :: Session m Text ByteString -> ForceInvalidate -> m ()

Invalidate the current session ID (and possibly more, check ForceInvalidate). This is useful to avoid session fixation attacks (cf. http://www.acrossecurity.com/papers/session_fixation.pdf).
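
The following is an added usage example, not code from the package: a WAI application that calls forceInvalidate when the privilege level changes, so a session ID set before login does not stay valid after it. The module name, routes, the "role" key and its value are hypothetical; the ForceInvalidate constructors are imported from Web.ServerSession.Core, and the middleware built by withServerSession with the same vault key is assumed to wrap this application.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module RotateSessionExample (app) where

import           Data.ByteString        (ByteString)
import           Data.Text              (Text)
import qualified Data.Vault.Lazy        as Vault
import           Network.HTTP.Types     (status200, status404, status500)
import           Network.Wai            (Application, pathInfo, responseLBS, vault)
import           Network.Wai.Session    (Session)
import           Web.ServerSession.Core (ForceInvalidate (..))
import           Web.ServerSession.Frontend.Wai.Internal (forceInvalidate)

-- | Hypothetical application. Assumes the middleware returned by
-- 'withServerSession' was created with the same vault key, and that
-- credentials were already verified before "/login" is handled.
app :: Vault.Key (Session IO Text ByteString) -> Application
app sessionKey req respond =
  case Vault.lookup sessionKey (vault req) of
    -- The middleware did not run, so there is no session to work with.
    Nothing -> respond (responseLBS status500 [] "session middleware missing")
    Just session@(_, insert) ->
      case pathInfo req of
        ["login"] -> do
          -- The privilege level changes here: request invalidation of the
          -- session ID the client arrived with, so an ID fixed by someone
          -- else before login is not carried into the authenticated state.
          forceInvalidate session CurrentSessionId
          insert "role" "member" -- constructed key and value
          respond (responseLBS status200 [] "logged in")
        ["logout-everywhere"] -> do
          -- Request invalidation of all session IDs of the logged-in user,
          -- not only the current one.
          forceInvalidate session AllSessionIdsOfLoggedUser
          respond (responseLBS status200 [] "all sessions invalidated")
        _ -> respond (responseLBS status404 [] "not found")
```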