<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `actix-session/src/storage/cookie.rs`."><title>cookie.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/SourceSerif4-Regular-46f98efaafac5295.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../../../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../../../static.files/rustdoc-5bc39a1768837dd0.css"><meta name="rustdoc-vars" data-root-path="../../../" data-static-root-path="../../../static.files/" data-current-crate="actix_session" data-themes="" data-resource-suffix="" data-rustdoc-version="1.78.0-nightly (b11fbfbf3 2024-02-03)" data-channel="nightly" data-search-js="search-dd67cee4cfa65049.js" data-settings-js="settings-4313503d2e1961c2.js" ><script src="../../../static.files/storage-4c98445ec4002617.js"></script><script defer src="../../../static.files/src-script-e66d777a5a92e9b2.js"></script><script defer src="../../../src-files.js"></script><script defer src="../../../static.files/main-48f368f3872407c8.js"></script><noscript><link rel="stylesheet" href="../../../static.files/noscript-04d5337699b92874.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc src"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><div class="src-sidebar-title"> <h2>Files</h2></div></nav><div class="sidebar-resizer"></div> <main><nav class="sub"><form class="search-form"><span></span><div id="sidebar-button" tabindex="-1"><a href="../../../actix_session/all.html" title="show sidebar"></a></div><input class="search-input" name="search" aria-label="Run search in the documentation" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" tabindex="-1"><a href="../../../help.html" title="help">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../static.files/wheel-7b819b6101059cd0.svg"></a></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><div data-nosnippet><pre class="src-line-numbers"><a href="#1" id="1">1</a> <a href="#2" id="2">2</a> <a href="#3" id="3">3</a> <a href="#4" id="4">4</a> <a href="#5" id="5">5</a> <a href="#6" id="6">6</a> <a href="#7" id="7">7</a> <a href="#8" id="8">8</a> <a href="#9" id="9">9</a> <a href="#10" id="10">10</a> <a href="#11" id="11">11</a> <a href="#12" id="12">12</a> <a href="#13" id="13">13</a> <a href="#14" id="14">14</a> <a href="#15" id="15">15</a> <a href="#16" id="16">16</a> <a href="#17" id="17">17</a> <a href="#18" id="18">18</a> <a href="#19" id="19">19</a> <a href="#20" id="20">20</a> <a href="#21" id="21">21</a> <a href="#22" id="22">22</a> <a href="#23" id="23">23</a> <a href="#24" id="24">24</a> <a href="#25" id="25">25</a> <a href="#26" id="26">26</a> <a href="#27" id="27">27</a> <a href="#28" id="28">28</a> <a href="#29" id="29">29</a> <a href="#30" id="30">30</a> <a href="#31" id="31">31</a> <a href="#32" id="32">32</a> <a href="#33" id="33">33</a> <a href="#34" id="34">34</a> <a href="#35" id="35">35</a> <a href="#36" id="36">36</a> <a href="#37" id="37">37</a> <a href="#38" id="38">38</a> <a href="#39" id="39">39</a> <a href="#40" id="40">40</a> <a href="#41" id="41">41</a> <a href="#42" id="42">42</a> <a href="#43" id="43">43</a> <a href="#44" id="44">44</a> <a href="#45" id="45">45</a> <a href="#46" id="46">46</a> <a href="#47" id="47">47</a> <a href="#48" id="48">48</a> <a href="#49" id="49">49</a> <a href="#50" id="50">50</a> <a href="#51" id="51">51</a> <a href="#52" id="52">52</a> <a href="#53" id="53">53</a> <a href="#54" id="54">54</a> <a href="#55" id="55">55</a> <a href="#56" id="56">56</a> <a href="#57" id="57">57</a> <a href="#58" id="58">58</a> <a href="#59" id="59">59</a> <a href="#60" id="60">60</a> <a href="#61" id="61">61</a> <a href="#62" id="62">62</a> <a href="#63" id="63">63</a> <a href="#64" id="64">64</a> <a href="#65" id="65">65</a> <a href="#66" id="66">66</a> <a href="#67" id="67">67</a> <a href="#68" id="68">68</a> <a href="#69" id="69">69</a> <a href="#70" id="70">70</a> <a href="#71" id="71">71</a> <a href="#72" id="72">72</a> <a href="#73" id="73">73</a> <a href="#74" id="74">74</a> <a href="#75" id="75">75</a> <a href="#76" id="76">76</a> <a href="#77" id="77">77</a> <a href="#78" id="78">78</a> <a href="#79" id="79">79</a> <a href="#80" id="80">80</a> <a href="#81" id="81">81</a> <a href="#82" id="82">82</a> <a href="#83" id="83">83</a> <a href="#84" id="84">84</a> <a href="#85" id="85">85</a> <a href="#86" id="86">86</a> <a href="#87" id="87">87</a> <a href="#88" id="88">88</a> <a href="#89" id="89">89</a> <a href="#90" id="90">90</a> <a href="#91" id="91">91</a> <a href="#92" id="92">92</a> <a href="#93" id="93">93</a> <a href="#94" id="94">94</a> <a href="#95" id="95">95</a> <a href="#96" id="96">96</a> <a href="#97" id="97">97</a> <a href="#98" id="98">98</a> <a href="#99" id="99">99</a> <a href="#100" id="100">100</a> <a href="#101" id="101">101</a> <a href="#102" id="102">102</a> <a href="#103" id="103">103</a> <a href="#104" id="104">104</a> <a href="#105" id="105">105</a> <a href="#106" id="106">106</a> <a href="#107" id="107">107</a> <a href="#108" id="108">108</a> <a href="#109" id="109">109</a> <a href="#110" id="110">110</a> <a href="#111" id="111">111</a> <a href="#112" id="112">112</a> <a href="#113" id="113">113</a> <a href="#114" id="114">114</a> <a href="#115" id="115">115</a> <a href="#116" id="116">116</a> <a href="#117" id="117">117</a> </pre></div><pre class="rust"><code><span class="kw">use </span>actix_web::cookie::time::Duration; <span class="kw">use </span>anyhow::Error; <span class="kw">use </span><span class="kw">super</span>::SessionKey; <span class="kw">use </span><span class="kw">crate</span>::storage::{ interface::{LoadError, SaveError, SessionState, UpdateError}, SessionStore, }; <span class="doccomment">/// Use the session key, stored in the session cookie, as storage backend for the session state. /// /// ```no_run /// use actix_web::{cookie::Key, web, App, HttpServer, HttpResponse, Error}; /// use actix_session::{SessionMiddleware, storage::CookieSessionStore}; /// /// // The secret key would usually be read from a configuration file/environment variables. /// fn get_secret_key() -> Key { /// # todo!() /// // [...] /// } /// /// #[actix_web::main] /// async fn main() -> std::io::Result<()> { /// let secret_key = get_secret_key(); /// HttpServer::new(move || /// App::new() /// .wrap(SessionMiddleware::new(CookieSessionStore::default(), secret_key.clone())) /// .default_service(web::to(|| HttpResponse::Ok()))) /// .bind(("127.0.0.1", 8080))? /// .run() /// .await /// } /// ``` /// /// # Limitations /// Cookies are subject to size limits so we require session keys to be shorter than 4096 bytes. /// This translates into a limit on the maximum size of the session state when using cookies as /// storage backend. /// /// The session cookie can always be inspected by end users via the developer tools exposed by their /// browsers. We strongly recommend setting the policy to [`CookieContentSecurity::Private`] when /// using cookies as storage backend. /// /// There is no way to invalidate a session before its natural expiry when using cookies as the /// storage backend. /// /// [`CookieContentSecurity::Private`]: crate::config::CookieContentSecurity::Private </span><span class="attr">#[derive(Default)] #[non_exhaustive] </span><span class="kw">pub struct </span>CookieSessionStore; <span class="kw">impl </span>SessionStore <span class="kw">for </span>CookieSessionStore { <span class="kw">async fn </span>load(<span class="kw-2">&</span><span class="self">self</span>, session_key: <span class="kw-2">&</span>SessionKey) -> <span class="prelude-ty">Result</span><<span class="prelude-ty">Option</span><SessionState>, LoadError> { serde_json::from_str(session_key.as_ref()) .map(<span class="prelude-val">Some</span>) .map_err(anyhow::Error::new) .map_err(LoadError::Deserialization) } <span class="kw">async fn </span>save( <span class="kw-2">&</span><span class="self">self</span>, session_state: SessionState, _ttl: <span class="kw-2">&</span>Duration, ) -> <span class="prelude-ty">Result</span><SessionKey, SaveError> { <span class="kw">let </span>session_key = serde_json::to_string(<span class="kw-2">&</span>session_state) .map_err(anyhow::Error::new) .map_err(SaveError::Serialization)<span class="question-mark">?</span>; session_key .try_into() .map_err(Into::into) .map_err(SaveError::Other) } <span class="kw">async fn </span>update( <span class="kw-2">&</span><span class="self">self</span>, _session_key: SessionKey, session_state: SessionState, ttl: <span class="kw-2">&</span>Duration, ) -> <span class="prelude-ty">Result</span><SessionKey, UpdateError> { <span class="self">self</span>.save(session_state, ttl) .<span class="kw">await </span>.map_err(|err| <span class="kw">match </span>err { SaveError::Serialization(err) => UpdateError::Serialization(err), SaveError::Other(err) => UpdateError::Other(err), }) } <span class="kw">async fn </span>update_ttl(<span class="kw-2">&</span><span class="self">self</span>, _session_key: <span class="kw-2">&</span>SessionKey, _ttl: <span class="kw-2">&</span>Duration) -> <span class="prelude-ty">Result</span><(), Error> { <span class="prelude-val">Ok</span>(()) } <span class="kw">async fn </span>delete(<span class="kw-2">&</span><span class="self">self</span>, _session_key: <span class="kw-2">&</span>SessionKey) -> <span class="prelude-ty">Result</span><(), anyhow::Error> { <span class="prelude-val">Ok</span>(()) } } <span class="attr">#[cfg(test)] </span><span class="kw">mod </span>tests { <span class="kw">use super</span>::<span class="kw-2">*</span>; <span class="kw">use crate</span>::{storage::utils::generate_session_key, test_helpers::acceptance_test_suite}; <span class="attr">#[actix_web::test] </span><span class="kw">async fn </span>test_session_workflow() { acceptance_test_suite(CookieSessionStore::default, <span class="bool-val">false</span>).<span class="kw">await</span>; } <span class="attr">#[actix_web::test] </span><span class="kw">async fn </span>loading_a_random_session_key_returns_deserialization_error() { <span class="kw">let </span>store = CookieSessionStore::default(); <span class="kw">let </span>session_key = generate_session_key(); <span class="macro">assert!</span>(<span class="macro">matches!</span>( store.load(<span class="kw-2">&</span>session_key).<span class="kw">await</span>.unwrap_err(), LoadError::Deserialization(<span class="kw">_</span>), )); } } </code></pre></div></section></main></body></html>