class HTTPSession::Manager(T)
- HTTPSession::Manager(T)
- Reference
- Object
Defined in:
manager.cr
Constructors
- .new(storage : Storage(T), cookie_prototype : HTTP::Cookie = HTTP::Cookie.new("session_id", "", secure: true, http_only: true, samesite: :strict))
  Creates a new session handler.
Class Method Summary
- .new_session_id(session_id_length : Int32 = 16, & : String -> Bool)
  Generates a new session_id.
- .random : Random
  Random source for generating session IDs.
- .random=(random : Random)
  Random source for generating session IDs.
Instance Method Summary
- #cookie_name
  Returns the name of the cookie used to communicate the session id to the client.
- #cookie_prototype : HTTP::Cookie
  Configures the basic properties of the cookie used for communicating the session id to the client.
- #delete(context : HTTP::Server::Context)
  Terminates the session associated with the context.
- #get(context : HTTP::Server::Context) : T | Nil
- #set(context : HTTP::Server::Context, session : T) : Nil
  Sets the session for context to session.
- #set(context : HTTP::Server::Context, session : T, & : String -> _) : Nil
  Sets the session for context to session.
- #storage : StorageInterface(T)
  Returns the storage engine.
Constructor Detail
.new(storage : Storage(T), cookie_prototype : HTTP::Cookie = HTTP::Cookie.new("session_id", "", secure: true, http_only: true, samesite: :strict))
Creates a new session handler.
cookie_prototype configures the basic properties of the cookie used for communicating the session id to the client.
It uses a secure configuration by default. This configuration can be restricted even further (for example via the Domain and Path properties), depending on the use case.
Lifting the default restrictions is not recommended.
Cookies are not persistent by default, so they are expected to disappear at the end of a browser session. Add a Max-Age or Expires attribute for persistent cookies.
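The cookie guidance above, as an added example that is not part of the HTTPSession documentation or source: it uses only the standard library's HTTP::Cookie to compare the default prototype with a further restricted one and a weakened one. The helpers weakened_attributes and persistent?, and the host name, path and lifetime, are assumptions made for illustration.

```crystal
require "http"

# Hypothetical helper (not part of HTTPSession): lists the default
# restrictions that a cookie prototype has lifted.
def weakened_attributes(cookie : HTTP::Cookie) : Array(String)
  findings = [] of String
  findings << "Secure is off: the session id can be sent over plain HTTP" unless cookie.secure
  findings << "HttpOnly is off: page scripts can read the session id" unless cookie.http_only
  unless cookie.samesite == HTTP::Cookie::SameSite::Strict
    findings << "SameSite is not Strict: the cookie is sent on cross-site requests"
  end
  findings
end

# True when the browser keeps the cookie beyond the current browser session.
def persistent?(cookie : HTTP::Cookie) : Bool
  !cookie.max_age.nil? || !cookie.expires.nil?
end

# Constructed sample prototypes; host name, path and lifetime are placeholders.
prototypes = {
  "default"    => HTTP::Cookie.new("session_id", "", secure: true, http_only: true, samesite: :strict),
  "restricted" => HTTP::Cookie.new("session_id", "", path: "/app", domain: "app.example.test",
    secure: true, http_only: true, samesite: :strict, max_age: 8.hours),
  "weakened"   => HTTP::Cookie.new("session_id", "", http_only: true, samesite: :lax),
}

prototypes.each do |label, cookie|
  puts "#{label}: #{cookie.to_set_cookie_header}"
  puts "  persistent: #{persistent?(cookie)}"
  weakened_attributes(cookie).each { |finding| puts "  WARNING: #{finding}" }
end

# A prototype that passes the check is then handed to the constructor, e.g.
#   HTTPSession::Manager(UserSession).new(storage, prototypes["restricted"])
# where UserSession and storage are placeholders for the application's own types.
```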
Class Method Detail
.new_session_id(session_id_length : Int32 = 16, & : String -> Bool)
Generates a new session_id.
Potential values are passed to the block which is supposed to return true when the session_id is good and unused.
.random : Random
Random source for generating session IDs.
This should be a cryptographically secure pseudorandom number generator (CSPRNG).
.random=(random : Random)
Random source for generating session IDs.
This should be a cryptographically secure pseudorandom number generator (CSPRNG).
Instance Method Detail
#cookie_name
Returns the name of the cookie used to communicate the session id to the client.
This value is configurable through #cookie_prototype.
#cookie_prototype : HTTP::Cookie
Configures the basic properties of the cookie used for communicating the session id to the client.
#delete(context : HTTP::Server::Context)
Terminates the session associated with the context.
Removes the session cookie and deletes the session from storage.
#set(context : HTTP::Server::Context, session : T) : Nil
Sets the session for context to session.
#set(context : HTTP::Server::Context, session : T, & : String -> _) : Nil
Sets the session for context to session. Yields if context has a session_id that doesn't exist in the backend. This can be useful for detecting malicious behaviour or entirely rejecting requests with a bad session_id.
manager.set(context, user_session) do |bad_session_id|
  Log.warn &.emit("Bad session_id used", bad_session_id: bad_session_id)
end