logo
pub enum SessionLength {
    BrowserSession {
        state_ttl: Option<Duration>,
    },
    Predetermined {
        max_session_length: Option<Duration>,
    },
}
Expand description

Describes how long a session should last.

Used by SessionMiddlewareBuilder::session_length.

Variants

BrowserSession

Fields

state_ttl: Option<Duration>

We must provide a time-to-live (TTL) when storing the session state in the storage backend—we do not want to store session states indefinitely, otherwise we will inevitably run out of storage by holding on to the state of countless abandoned or expired sessions!

We are dealing with the lifecycle of two uncorrelated object here: the session cookie and the session state. It is not a big issue if the session state outlives the cookie— we are wasting some space in the backend storage, but it will be cleaned up eventually. What happens, instead, if the cookie outlives the session state? A new session starts— e.g. if sessions are being used for authentication, the user is de-facto logged out.

It is not possible to predict with certainty how long a browser session is going to last—you need to provide a reasonable upper bound. You do so via state_ttl—it dictates what TTL should be used for session state when the lifecycle of the session cookie is tied to the browser session length. SessionMiddleware will default to 1 day if state_ttl is left unspecified.

The session cookie will expire when the current browser session ends.

When does a browser session end? It depends on the browser! Chrome, for example, will often continue running in the background when the browser is closed—session cookies are not deleted and they will still be available when the browser is opened again. Check the documentation of the browsers you are targeting for up-to-date information.

Predetermined

Fields

max_session_length: Option<Duration>

Set max_session_length to specify how long the session cookie should live. SessionMiddleware will default to 1 day if max_session_length is set to None.

max_session_length is also used as the TTL for the session state in the storage backend.

The session cookie will be a persistent cookie.

Persistent cookies have a pre-determined lifetime, specified via the Max-Age or Expires attribute. They do not disappear when the current browser session ends.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more