Enum actix_session::CookieContentSecurity
source · [−]pub enum CookieContentSecurity {
+ Enum actix_session::CookieContentSecurity
source · [−]
pub enum CookieContentSecurity {
Private,
Signed,
}
Expand description
Used by SessionMiddlewareBuilder::cookie_content_security
to determine how to secure
the content of the session cookie.
Variants
Private
The cookie content is encrypted when using CookieContentSecurity::Private
.
Encryption guarantees confidentiality and integrity: the client cannot -tamper with the cookie content nor decode it, as long as the encryption key remains -confidential.
+Encryption guarantees confidentiality and integrity: the client cannot tamper with the +cookie content nor decode it, as long as the encryption key remains confidential.
Signed
The cookie content is signed when using CookieContentSecurity::Signed
.
Signing guarantees integrity, but it doesn’t ensure confidentiality: the client -cannot tamper with the cookie content, but they can read it.
+Signing guarantees integrity, but it doesn’t ensure confidentiality: the client cannot +tamper with the cookie content, but they can read it.
Trait Implementations
sourceimpl Clone for CookieContentSecurity
impl Clone for CookieContentSecurity
sourcefn clone(&self) -> CookieContentSecurity
fn clone(&self) -> CookieContentSecurity
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
sourceimpl Debug for CookieContentSecurity
impl Debug for CookieContentSecurity
sourcefn fmt(&self, f: &mut Formatter<'_>) -> Result
fn fmt(&self, f: &mut Formatter<'_>) -> Result
Formats the value using the given formatter. Read more
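Review bot: The Signed variant text ("the client cannot tamper with the cookie content, but they can read it") states the property but not what it means for callers. Since this paragraph is being touched anyway, consider adding one sentence saying that anything carried in the session cookie is visible to the client under Signed, so it should hold nothing that must stay hidden from them. The sentence also switches from "the client" to "they"; "but it can read it" or "but can still read it" would be consistent.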
diff --git a/actix_session/index.html b/actix_session/index.html index 275b1e5fa..a4433df53 100644 --- a/actix_session/index.html +++ b/actix_session/index.html @@ -4,18 +4,18 @@Crate actix_session
Crate actix_session
source · [−]Expand description
Session management for Actix Web.
The HTTP protocol, at a first glance, is stateless: the client sends a request, the server parses its content, performs some processing and returns a response. The outcome is only influenced by the provided inputs (i.e. the request content) and whatever state the server queries while performing its processing.
-Stateless systems are easier to reason about, but they are not quite as powerful as we need them to -be - e.g. how do you authenticate a user? The user would be forced to authenticate for every -single request. That is, for example, how ‘Basic’ Authentication works. While it may work for -a machine user (i.e. an API client), it is impractical for a person—you do not want a login -prompt on every single page you navigate to!
+Stateless systems are easier to reason about, but they are not quite as powerful as we need them +to be - e.g. how do you authenticate a user? The user would be forced to authenticate for +every single request. That is, for example, how ‘Basic’ Authentication works. While it may +work for a machine user (i.e. an API client), it is impractical for a person—you do not want a +login prompt on every single page you navigate to!
There is a solution - sessions. Using sessions the server can attach state to a set of
requests coming from the same client. They are built on top of cookies - the server sets a
cookie in the HTTP response (Set-Cookie
header), the client (e.g. the browser) will store the
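Review bot: Punctuation in the re-wrapped "Stateless systems are easier to reason about" paragraph is inconsistent: it uses a spaced hyphen as a dash in "to be - e.g. how do you authenticate a user?" and an unspaced em dash later in the same paragraph (after "for a person"). As the paragraph is being reflowed, pick one dash style for the module docs. The unchanged line above it also reads "at a first glance", which should be "at first glance".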
diff --git a/actix_session/struct.SessionMiddleware.html b/actix_session/struct.SessionMiddleware.html
index 0c4989100..58a7d052c 100644
--- a/actix_session/struct.SessionMiddleware.html
+++ b/actix_session/struct.SessionMiddleware.html
@@ -88,7 +88,7 @@ each configuration parameter.
We expose knobs to change the default to suit your needs—i.e., if you know what you are doing, we will not stop you. But being a subject-matter expert should not be a requirement to deploy reasonably secure implementation of sessions.
-Implementations
sourceimpl<Store: SessionStore> SessionMiddleware<Store>
impl<Store: SessionStore> SessionMiddleware<Store>
sourcepub fn new(store: Store, key: Key) -> Self
pub fn new(store: Store, key: Key) -> Self
Use SessionMiddleware::new
to initialize the session framework using the default
+
Implementations
sourceimpl<Store: SessionStore> SessionMiddleware<Store>
impl<Store: SessionStore> SessionMiddleware<Store>
sourcepub fn new(store: Store, key: Key) -> Self
pub fn new(store: Store, key: Key) -> Self
Use SessionMiddleware::new
to initialize the session framework using the default
parameters.
To create a new instance of SessionMiddleware
you need to provide:
-
@@ -96,7 +96,7 @@ parameters.
`SessionStore);
- a secret key, to sign or encrypt the content of client-side session cookie.
sourcepub fn builder(store: Store, key: Key) -> SessionMiddlewareBuilder<Store>
pub fn builder(store: Store, key: Key) -> SessionMiddlewareBuilder<Store>
A fluent API to configure SessionMiddleware
.
sourcepub fn builder(store: Store, key: Key) -> SessionMiddlewareBuilder<Store>
pub fn builder(store: Store, key: Key) -> SessionMiddlewareBuilder<Store>
A fluent API to configure SessionMiddleware
.
It takes as input the two required inputs to create a new instance of SessionMiddleware
:
- an instance of the session storage backend you wish to use (i.e. an implementation of @@ -105,12 +105,12 @@ parameters.
Trait Implementations
sourceimpl<Store: Clone + SessionStore> Clone for SessionMiddleware<Store>
impl<Store: Clone + SessionStore> Clone for SessionMiddleware<Store>
sourcefn clone(&self) -> SessionMiddleware<Store>
fn clone(&self) -> SessionMiddleware<Store>
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
sourceimpl<S, B, Store> Transform<S, ServiceRequest> for SessionMiddleware<Store> where
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: MessageBody + 'static,
Store: SessionStore + 'static,
impl<S, B, Store> Transform<S, ServiceRequest> for SessionMiddleware<Store> where
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: MessageBody + 'static,
Store: SessionStore + 'static,
type Response = ServiceResponse<B>
type Response = ServiceResponse<B>
Responses produced by the service.
+sourceimpl<S, B, Store> Transform<S, ServiceRequest> for SessionMiddleware<Store> where
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: MessageBody + 'static,
Store: SessionStore + 'static,
impl<S, B, Store> Transform<S, ServiceRequest> for SessionMiddleware<Store> where
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: MessageBody + 'static,
Store: SessionStore + 'static,
type Response = ServiceResponse<B>
type Response = ServiceResponse<B>
Responses produced by the service.
type Error = Error
type Error = Error
Errors produced by the service.
type Transform = InnerSessionMiddleware<S, Store>
type Transform = InnerSessionMiddleware<S, Store>
The TransformService
value created by this factory
sourcefn new_transform(&self, service: S) -> Self::Future
fn new_transform(&self, service: S) -> Self::Future
Creates and returns a new Transform component, asynchronously
+sourcefn new_transform(&self, service: S) -> Self::Future
fn new_transform(&self, service: S) -> Self::Future
Creates and returns a new Transform component, asynchronously
Auto Trait Implementations
impl<Store> RefUnwindSafe for SessionMiddleware<Store> where
Store: RefUnwindSafe,
impl<Store> !Send for SessionMiddleware<Store>
impl<Store> !Sync for SessionMiddleware<Store>
impl<Store> Unpin for SessionMiddleware<Store>
impl<Store> UnwindSafe for SessionMiddleware<Store> where
Store: RefUnwindSafe,
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
diff --git a/actix_session/struct.SessionMiddlewareBuilder.html b/actix_session/struct.SessionMiddlewareBuilder.html index c25366c69..4bd8a7c40 100644 --- a/actix_session/struct.SessionMiddlewareBuilder.html +++ b/actix_session/struct.SessionMiddlewareBuilder.html @@ -6,26 +6,26 @@SessionMiddlewareBuilder
Struct actix_session::SessionMiddlewareBuilder
source · [−]pub struct SessionMiddlewareBuilder<Store: SessionStore> { /* private fields */ }
Expand description
A fluent builder to construct a SessionMiddleware
instance with custom configuration
+
Struct actix_session::SessionMiddlewareBuilder
source · [−]pub struct SessionMiddlewareBuilder<Store: SessionStore> { /* private fields */ }
Expand description
A fluent builder to construct a SessionMiddleware
instance with custom configuration
parameters.
Implementations
sourceimpl<Store: SessionStore> SessionMiddlewareBuilder<Store>
impl<Store: SessionStore> SessionMiddlewareBuilder<Store>
Set the name of the cookie used to store the session ID.
+Implementations
sourceimpl<Store: SessionStore> SessionMiddlewareBuilder<Store>
impl<Store: SessionStore> SessionMiddlewareBuilder<Store>
Set the name of the cookie used to store the session ID.
Defaults to id
.
Set the Secure
attribute for the cookie used to store the session ID.
Set the Secure
attribute for the cookie used to store the session ID.
If the cookie is set as secure, it will only be transmitted when the connection is secure
(using https
).
Default is true
.
sourcepub fn session_length(self, session_length: SessionLength) -> Self
pub fn session_length(self, session_length: SessionLength) -> Self
Determine how long a session should last - check out SessionLength
’s documentation for
+
sourcepub fn session_length(self, session_length: SessionLength) -> Self
pub fn session_length(self, session_length: SessionLength) -> Self
Determine how long a session should last - check out SessionLength
’s documentation for
more details on the available options.
Default is SessionLength::BrowserSession
.
Set the SameSite
attribute for the cookie used to store the session ID.
Set the SameSite
attribute for the cookie used to store the session ID.
By default, the attribute is set to Lax
.
Set the Path
attribute for the cookie used to store the session ID.
Set the Path
attribute for the cookie used to store the session ID.
By default, the attribute is set to /
.
Set the Domain
attribute for the cookie used to store the session ID.
Set the Domain
attribute for the cookie used to store the session ID.
Use None
to leave the attribute unspecified. If unspecified, the attribute defaults
to the same host that set the cookie, excluding subdomains.
By default, the attribute is left unspecified.
-Choose how the session cookie content should be secured.
+Choose how the session cookie content should be secured.
CookieContentSecurity::Private
selects encrypted cookie content.CookieContentSecurity::Signed
selects signed cookie content.
@@ -38,11 +38,11 @@ key by accident, regardless of
Set the HttpOnly
attribute for the cookie used to store the session ID.
Set the HttpOnly
attribute for the cookie used to store the session ID.
If the cookie is set as HttpOnly
, it will not be visible to any JavaScript snippets
running in the browser.
Default is true
.
sourcepub fn build(self) -> SessionMiddleware<Store>
pub fn build(self) -> SessionMiddleware<Store>
Finalise the builder and return a SessionMiddleware
instance.
sourcepub fn build(self) -> SessionMiddleware<Store>
pub fn build(self) -> SessionMiddleware<Store>
Finalise the builder and return a SessionMiddleware
instance.
Auto Trait Implementations
impl<Store> RefUnwindSafe for SessionMiddlewareBuilder<Store> where
Store: RefUnwindSafe,
impl<Store> !Send for SessionMiddlewareBuilder<Store>
impl<Store> !Sync for SessionMiddlewareBuilder<Store>
impl<Store> Unpin for SessionMiddlewareBuilder<Store>
impl<Store> UnwindSafe for SessionMiddlewareBuilder<Store> where
Store: RefUnwindSafe,
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
diff --git a/src/actix_session/lib.rs.html b/src/actix_session/lib.rs.html index 66f65663b..09ff8df12 100644 --- a/src/actix_session/lib.rs.html +++ b/src/actix_session/lib.rs.html @@ -598,11 +598,11 @@ //! influenced by the provided inputs (i.e. the request content) and whatever state the server //! queries while performing its processing. //! -//! Stateless systems are easier to reason about, but they are not quite as powerful as we need them to -//! be - e.g. how do you authenticate a user? The user would be forced to authenticate **for every -//! single request**. That is, for example, how 'Basic' Authentication works. While it may work for -//! a machine user (i.e. an API client), it is impractical for a person—you do not want a login -//! prompt on every single page you navigate to! +//! Stateless systems are easier to reason about, but they are not quite as powerful as we need them +//! to be - e.g. how do you authenticate a user? The user would be forced to authenticate **for +//! every single request**. That is, for example, how 'Basic' Authentication works. While it may +//! work for a machine user (i.e. an API client), it is impractical for a person—you do not want a +//! login prompt on every single page you navigate to! //! //! There is a solution - **sessions**. Using sessions the server can attach state to a set of //! requests coming from the same client. They are built on top of cookies - the server sets a diff --git a/src/actix_session/middleware.rs.html b/src/actix_session/middleware.rs.html index 59e617a86..c3efee11c 100644 --- a/src/actix_session/middleware.rs.html +++ b/src/actix_session/middleware.rs.html @@ -654,7 +654,6 @@ 647 648 649 -650use std::{collections::HashMap, convert::TryInto, fmt, future::Future, pin::Pin, rc::Rc};
use actix_utils::future::{ready, Ready};
@@ -847,15 +846,14 @@
pub enum CookieContentSecurity {
/// The cookie content is encrypted when using `CookieContentSecurity::Private`.
///
- /// Encryption guarantees confidentiality and integrity: the client cannot
- /// tamper with the cookie content nor decode it, as long as the encryption key remains
- /// confidential.
+ /// Encryption guarantees confidentiality and integrity: the client cannot tamper with the
+ /// cookie content nor decode it, as long as the encryption key remains confidential.
Private,
/// The cookie content is signed when using `CookieContentSecurity::Signed`.
///
- /// Signing guarantees integrity, but it doesn't ensure confidentiality: the client
- /// cannot tamper with the cookie content, but they can read it.
+ /// Signing guarantees integrity, but it doesn't ensure confidentiality: the client cannot
+ /// tamper with the cookie content, but they can read it.
Signed,
}
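Review bot: In the re-wrapped Private comment, "the client cannot tamper with the cookie content nor decode it" pairs "cannot" with "nor"; "can neither tamper with the cookie content nor decode it" reads correctly. Both variant comments also open by naming the variant they are attached to ("... when using `CookieContentSecurity::Private`"), which is redundant on the variant itself; "The cookie content is encrypted." and "The cookie content is signed." would say the same thing.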