Figure out how to do session expiration #3
Labels
Comments
|
Also fuck generality, I'll do this as per-backend param. |
untitaker
changed the title
|
Will you use this :https://github.com/zoumi/iron_config ? |
|
What stops you from already using it? You can just pass the data from iron-config into iron-sessionstorage during init
…On 12 February 2017 16:01:07 CET, zoumi ***@***.***> wrote:
Will you use this :https://github.com/zoumi/iron_config ?
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#3 (comment)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
|
Is there currently a simple way of doing this for SignedCookieBackend? I'm currently doing it by using SignedCookieBackend::set_cookie_modifier, but this takes takes a function which takes an immutable cookie. I end up having to do something like this: fn set_cookie_attributes(cookie: Cookie) -> Cookie {
let mut c = cookie.clone();
c.max_age = Some(1);
c
}While it does work, it seems a bit unnecessary. |
|
The function doesn't take an immutable or mutable cookie, it just takes a
cookie by value. Whether you want that cookie to be mutable or not is your
choice then.
```Rust
fn set_cookie_attributes(mut cookie: Cookie) -> Cookie {
cookie.max_age = Some(1);
cookie
}
```
Also it's not safe to just set `max_age`, because the user can forge that to
whichever value they want. Whether this matters or not depends on your threat
model. It's better to set this as a session value and have your own expiration
logic.
…On Wed, Mar 01, 2017 at 02:21:23AM -0800, Fredrik Jonsén wrote:
Is there currently a simple way of doing this for SignedCookieBackend? I'm currently doing it by using SignedCookieBackend::set_cookie_modifier, but this takes takes a function which takes an immutable cookie. I end up having to do something like this:
```Rust
fn set_cookie_attributes(cookie: Cookie) -> Cookie {
let mut c = cookie.clone();
c.max_age = Some(1);
c
}
```
While it does work, it seems a bit unnecessary.
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#3 (comment)
|
|
Ah, I see. My mistake then. New to Rust, and still trying to figure out the syntax in some cases. |
|
Is this implemented for the redis backend yet? If yes, could you give me a small example? |
|
It is not implemented for any interface.
…On 27 March 2017 00:48:19 CEST, Jan Nils Ferner ***@***.***> wrote:
Is this implemented for the redis backend yet? If yes, could you give
me a small example?
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#3 (comment)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: