Struct actix_session::storage::CookieSessionStore

#[non_exhaustive]
pub struct CookieSessionStore;

Use the session key, stored in the session cookie, as storage backend for the session state.

use actix_web::{cookie::Key, web, App, HttpServer, HttpResponse, Error};
use actix_session::{SessionMiddleware, storage::CookieSessionStore};

// The secret key would usually be read from a configuration file/environment variables.
fn get_secret_key() -> Key {
    // [...]
}

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let secret_key = get_secret_key();
    HttpServer::new(move ||
            App::new()
            .wrap(SessionMiddleware::new(CookieSessionStore::default(), secret_key.clone()))
            .default_service(web::to(|| HttpResponse::Ok())))
        .bind(("127.0.0.1", 8080))?
        .run()
        .await
}

Limitations

Cookies are subject to size limits so we require session keys to be shorter than 4096 bytes. This translates into a limit on the maximum size of the session state when using cookies as storage backend.

The session cookie can always be inspected by end users via the developer tools exposed by their browsers. We strongly recommend setting the policy to CookieContentSecurity::Private when using cookies as storage backend.

There is no way to invalidate a session before its natural expiry when using cookies as the storage backend.

Trait Implementations

impl Default for CookieSessionStore

fn default() -> CookieSessionStore

Returns the “default value” for a type.

impl SessionStore for CookieSessionStore

fn load<'life0, 'life1, 'async_trait>(
    &'life0 self,
    session_key: &'life1 SessionKey
) -> Pin<Box<dyn Future<Output = Result<Option<HashMap<String, String>>, LoadError>> + 'async_trait>>where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Loads the session state associated to a session key.

fn save<'life0, 'life1, 'async_trait>(
    &'life0 self,
    session_state: HashMap<String, String>,
    _ttl: &'life1 Duration
) -> Pin<Box<dyn Future<Output = Result<SessionKey, SaveError>> + 'async_trait>>where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Persist the session state for a newly created session.

fn update<'life0, 'life1, 'async_trait>(
    &'life0 self,
    _session_key: SessionKey,
    session_state: HashMap<String, String>,
    ttl: &'life1 Duration
) -> Pin<Box<dyn Future<Output = Result<SessionKey, UpdateError>> + 'async_trait>>where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Updates the session state associated to a pre-existing session key.

fn update_ttl<'life0, 'life1, 'life2, 'async_trait>(
    &'life0 self,
    _session_key: &'life1 SessionKey,
    _ttl: &'life2 Duration
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + 'async_trait>>where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,

Updates the TTL of the session state associated to a pre-existing session key.

fn delete<'life0, 'life1, 'async_trait>(
    &'life0 self,
    _session_key: &'life1 SessionKey
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + 'async_trait>>where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,

Deletes a session from the store.