Basic session support. Sessions are (currently) just maps of strings to strings which are serialised and sent to the client using a Cookie. Serialised, they should be less than 4K, so the sum of all your strings in the map should be < 3900 bytes to be safe.
The cookies are HMACed and encrypted so that the client can't inspect nor alter them. The key is, by default, generated randomly every time the server starts. If you want the cookies to be reusable across restarts or servers you need to set the key yourself.
Also, by the default, the cookies are set to expire when the browser session ends.
- getSession :: WebMonad (Map ByteString ByteString)
- putSession :: Map ByteString ByteString -> WebMonad ()
- addSession :: ByteString -> ByteString -> WebMonad ()
- setSessionSecretKey :: ByteString -> STM ()
Documentation
getSession :: WebMonad (Map ByteString ByteString)Source
Return the current session. If the user didn't present a cookie, or the cookie is invalid, an empty map is returned.
putSession :: Map ByteString ByteString -> WebMonad ()Source
Set the current session. This alters the headers of the current request,
so future actions which reset the headers (like setReply
) will undo
this.
addSession :: ByteString -> ByteString -> WebMonad ()Source
Add a key value pair to the session
setSessionSecretKey :: ByteString -> STM ()Source
Set the secret key used to HMAC and encrypt the session cookies.