| Copyright | (c) Birk Tjelmeland, 2016 |
|---|---|
| License | MIT |
| Maintainer | birktjelmeland@yahoo.no |
| Stability | experimental |
| Portability | POSIX |
| Safe Haskell | None |
| Language | Haskell2010 |
Happstack.Server.Session
Description
Serverside sessions for Happstack. Curently highly experimental and api might change without notice. Must be used together with a Storage Backend. See Happstack.Server.Session.Memory as an example.
- data Session a b = Session {
- sessionId :: a
- sessionExpire :: Word64
- sessionData :: b
- data SessionConfig a = SessionConfig {
- sessionAuthEncrypt :: a -> String
- sessionAuthDecrypt :: String -> Maybe a
- mkSessionConfig :: (Read a, Show a) => ByteString -> ByteString -> SessionConfig a
- data SessionHandler a b
- startSession :: SessionConfig a -> IO (a -> IO (Maybe (Session a b)), b -> Word64 -> IO (Session a b), a -> b -> IO (Maybe (Session a b)), a -> IO ()) -> IO (SessionHandler a b)
- getSession :: (MonadPlus m, MonadIO m, FilterMonad Response m, HasRqData m, Read a) => SessionHandler a b -> m (Maybe b)
- setSession :: (MonadIO m, FilterMonad Response m, Show a) => SessionHandler a b -> b -> Word64 -> m ()
- updateSession :: (MonadPlus m, MonadIO m, FilterMonad Response m, HasRqData m, Read a) => SessionHandler a b -> b -> m ()
- deleteSession :: (MonadPlus m, MonadIO m, FilterMonad Response m, HasRqData m, Read a) => SessionHandler a b -> m ()
Documentation
Session
Constructors
| Session | |
Fields
| |
data SessionConfig a Source
Configuration for session. See mkSessionConfig
Constructors
| SessionConfig | |
Fields
| |
Arguments
| :: (Read a, Show a) | |
| => ByteString | AES128 Cipher key in Base16 |
| -> ByteString | AES IV in Base16 |
| -> SessionConfig a |
|
Make the SessionConfig to be used with startSession.
Uses AES128 cipher in cbc mode to encrypt session IDs.
This function will fail with a error if a invalid key or IV is used.
The AES key and IV pair can be constructed using the OpenSSL command where secret is the password you would like to use.
See https://www.openssl.org/docs/manmaster/apps/enc.html
>>>openssl enc -aes-128-cbc -k secret -P -md sha256salt=63BDA9D94554A072 key=F4FCD1AA73DE4A31135668B4F2428AC3 iv =98EDE03AB48FC1F8BECA84D5F98A12F2
data SessionHandler a b Source
Session handler to be used with getSession, setSession, updateSession and deleteSession
Arguments
| :: SessionConfig a | Session configuration. See |
| -> IO (a -> IO (Maybe (Session a b)), b -> Word64 -> IO (Session a b), a -> b -> IO (Maybe (Session a b)), a -> IO ()) | Session handler constructor |
| -> IO (SessionHandler a b) | Session handler to be used with |
Creates a SessionHandler from SessionConfig and a session handler constructor
Example:
import Happstack.Server.Session
import Happstack.Server.Session.Memory -- ONLY USE FOR TESTING
main = do
sessionHandler <- startSession (mkSessionConfig "F4FCD1AA73DE4A31135668B4F2428AC3" "98EDE03AB48FC1F8BECA84D5F98A12F2") memoryStartSessiongetSession :: (MonadPlus m, MonadIO m, FilterMonad Response m, HasRqData m, Read a) => SessionHandler a b -> m (Maybe b) Source
Gets session in a request. If the session ID is invalid or no session is found Nothing is returned.
Arguments
| :: (MonadIO m, FilterMonad Response m, Show a) | |
| => SessionHandler a b | |
| -> b | Session data |
| -> Word64 | Session lifetime in seconds |
| -> m () |
Sets a session. DO NOT USE this function if user is not verified in some sort of way, by login, chapta, etc. Current versions of Happstack-session do not preform automatic deletions on outdated sessions which may pose a security risk if all users are allowed to register a session without verification.
Arguments
| :: (MonadPlus m, MonadIO m, FilterMonad Response m, HasRqData m, Read a) | |
| => SessionHandler a b | |
| -> b | New session data |
| -> m () |
Updates session value. Note: current versions of Happstack-session do not allow for updating session expiry
deleteSession :: (MonadPlus m, MonadIO m, FilterMonad Response m, HasRqData m, Read a) => SessionHandler a b -> m () Source
Deletes session