<noscript><linkrel="stylesheet"href="../noscript.css"></noscript><linkrel="icon"href="https://actix.rs/favicon.ico"></head><bodyclass="rustdoc mod crate"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><navclass="mobile-topbar"><buttonclass="sidebar-menu-toggle">☰</button><aclass="sidebar-logo"href="../actix_session/index.html"><divclass="logo-container"><imgsrc="https://actix.rs/img/logo.png"alt="logo"></div>
<imgsrc="https://actix.rs/img/logo.png"alt="logo"></a><navclass="sub"><divclass="theme-picker hidden"><buttonid="theme-picker"aria-label="Pick another theme!"aria-haspopup="menu"title="themes"><imgwidth="22"height="22"alt="Pick another theme!"src="../brush.svg"></button><divid="theme-choices"role="menu"></div></div><formclass="search-form"><divclass="search-container"><span></span><inputclass="search-input"name="search"autocomplete="off"spellcheck="false"placeholder="Click or press ‘S’ to search, ‘?’ for more options…"type="search"><buttontype="button"id="help-button"title="help">?</button><aid="settings-menu"href="../settings.html"title="settings"><imgwidth="22"height="22"alt="Change settings"src="../wheel.svg"></a></div></form></nav></div><sectionid="main-content"class="content"><divclass="main-heading">
<p>The HTTP protocol, at a first glance, is stateless: the client sends a request, the server
parses its content, performs some processing and returns a response. The outcome is only
influenced by the provided inputs (i.e. the request content) and whatever state the server
queries while performing its processing.</p>
<p>Stateless systems are easier to reason about, but they are not quite as powerful as we need to
be - e.g. how do you authenticate a user? The user would be forced to authenticate <strong>for every
single request</strong>. That is, for example, how ‘Basic’ Authentication works. While it may work for
a machine user (i.e. an API client), it is impractical for a person—you do not want a login
prompt on every single page you navigate to!</p>
<p>There is a solution - <strong>sessions</strong>. Using sessions the server can attach state to a set of
requests coming from the same client. They are built on top of cookies - the server sets a
cookie in the HTTP response (<code>Set-Cookie</code> header), the client (e.g. the browser) will store the
cookie and play it back to the server when sending new requests (using the <code>Cookie</code> header).</p>
<p>We refer to the cookie used for sessions as a <strong>session cookie</strong>. Its content is called
<strong>session key</strong> (or <strong>session ID</strong>), while the state attached to the session is referred to as
<strong>session state</strong>.</p>
<p><code>actix-session</code> provides an easy-to-use framework to manage sessions in applications built on
top of Actix Web. <ahref="struct.SessionMiddleware.html"title="SessionMiddleware"><code>SessionMiddleware</code></a> is the middleware underpinning the functionality
provided by <code>actix-session</code>; it takes care of all the session cookie handling and instructs the
<strong>storage backend</strong> to create/delete/update the session state based on the operations performed
against the active <ahref="struct.Session.html"title="Session"><code>Session</code></a>.</p>
<p><code>actix-session</code> provides some built-in storage backends: (<ahref="storage/struct.CookieSessionStore.html"><code>CookieSessionStore</code></a>,
<ahref="storage/struct.RedisSessionStore.html"><code>RedisSessionStore</code></a>, and <ahref="storage/struct.RedisActorSessionStore.html"><code>RedisActorSessionStore</code></a>) - you can create a custom storage backend
by implementing the <ahref="storage/trait.SessionStore.html"><code>SessionStore</code></a> trait.</p>
<p>To start using sessions in your Actix Web application you must register <ahref="struct.SessionMiddleware.html"title="SessionMiddleware"><code>SessionMiddleware</code></a>
<p>The session state can be accessed and modified by your request handlers using the <ahref="struct.Session.html"title="Session"><code>Session</code></a>
<p>a purely cookie-based “backend”, <ahref="storage/struct.CookieSessionStore.html"><code>CookieSessionStore</code></a>, using the <code>cookie-session</code> feature
actix-session = { version = "...", features = ["cookie-session"] }</code></pre></div></li>
<li>
<p>a Redis-based backend via <ahref="https://docs.rs/acitx-redis"><code>actix-redis</code></a>,
<ahref="storage/struct.RedisActorSessionStore.html"><code>RedisActorSessionStore</code></a>, using the <code>redis-actor-session</code> feature flag.</p>
actix-session = { version = "...", features = ["redis-actor-session"] }</code></pre></div></li>
<li>
<p>a Redis-based backend via <ahref="https://docs.rs/redis-rs"><code>redis-rs</code></a>, <ahref="storage/struct.RedisSessionStore.html"><code>RedisSessionStore</code></a>, using
the <code>redis-rs-session</code> feature flag.</p>
<divclass="item-table"><divclass="item-row"><divclass="item-left module-item"><aclass="struct"href="struct.Session.html"title="actix_session::Session struct">Session</a></div><divclass="item-right docblock-short"><p>The primary interface to access and modify session state.</p>
</div></div><divclass="item-row"><divclass="item-left module-item"><aclass="struct"href="struct.SessionMiddleware.html"title="actix_session::SessionMiddleware struct">SessionMiddleware</a></div><divclass="item-right docblock-short"><p>A middleware for session management in Actix Web applications.</p>
</div></div><divclass="item-row"><divclass="item-left module-item"><aclass="struct"href="struct.SessionMiddlewareBuilder.html"title="actix_session::SessionMiddlewareBuilder struct">SessionMiddlewareBuilder</a></div><divclass="item-right docblock-short"><p>A fluent builder to construct a <ahref="struct.SessionMiddleware.html"title="SessionMiddleware"><code>SessionMiddleware</code></a> instance with custom configuration
<divclass="item-table"><divclass="item-row"><divclass="item-left module-item"><aclass="enum"href="enum.CookieContentSecurity.html"title="actix_session::CookieContentSecurity enum">CookieContentSecurity</a></div><divclass="item-right docblock-short"><p>Used by <ahref="struct.SessionMiddlewareBuilder.html#method.cookie_content_security"title="SessionMiddlewareBuilder::cookie_content_security"><code>SessionMiddlewareBuilder::cookie_content_security</code></a> to determine how to secure
the content of the session cookie.</p>
</div></div><divclass="item-row"><divclass="item-left module-item"><aclass="enum"href="enum.SessionLength.html"title="actix_session::SessionLength enum">SessionLength</a></div><divclass="item-right docblock-short"><p>Describes how long a session should last.</p>
</div></div><divclass="item-row"><divclass="item-left module-item"><aclass="enum"href="enum.SessionStatus.html"title="actix_session::SessionStatus enum">SessionStatus</a></div><divclass="item-right docblock-short"><p>Status of a <ahref="struct.Session.html"title="Session"><code>Session</code></a>.</p>
<divclass="item-table"><divclass="item-row"><divclass="item-left module-item"><aclass="trait"href="trait.SessionExt.html"title="actix_session::SessionExt trait">SessionExt</a></div><divclass="item-right docblock-short"><p>Extract a <ahref="struct.Session.html"title="Session"><code>Session</code></a> object from various <code>actix-web</code> types (e.g. <code>HttpRequest</code>,
