<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `actix-session/src/config.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>config.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../normalize.css"><link rel="stylesheet" type="text/css" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">☰</button><a class="sidebar-logo" href="../../actix_session/index.html"><div class="logo-container"><img src="https://actix.rs/img/logo.png" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../actix_session/index.html"><div class="logo-container">
<img src="https://actix.rs/img/logo.png" alt="logo"></div></a></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../actix_session/index.html">
<img src="https://actix.rs/img/logo.png" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="example-wrap"><pre class="line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
<span id="248">248</span>
<span id="249">249</span>
<span id="250">250</span>
<span id="251">251</span>
<span id="252">252</span>
<span id="253">253</span>
<span id="254">254</span>
<span id="255">255</span>
<span id="256">256</span>
<span id="257">257</span>
<span id="258">258</span>
<span id="259">259</span>
<span id="260">260</span>
<span id="261">261</span>
<span id="262">262</span>
<span id="263">263</span>
<span id="264">264</span>
<span id="265">265</span>
<span id="266">266</span>
<span id="267">267</span>
<span id="268">268</span>
<span id="269">269</span>
<span id="270">270</span>
<span id="271">271</span>
<span id="272">272</span>
<span id="273">273</span>
<span id="274">274</span>
<span id="275">275</span>
<span id="276">276</span>
<span id="277">277</span>
<span id="278">278</span>
<span id="279">279</span>
<span id="280">280</span>
<span id="281">281</span>
<span id="282">282</span>
<span id="283">283</span>
<span id="284">284</span>
<span id="285">285</span>
<span id="286">286</span>
<span id="287">287</span>
<span id="288">288</span>
<span id="289">289</span>
<span id="290">290</span>
<span id="291">291</span>
<span id="292">292</span>
<span id="293">293</span>
<span id="294">294</span>
<span id="295">295</span>
<span id="296">296</span>
<span id="297">297</span>
<span id="298">298</span>
<span id="299">299</span>
<span id="300">300</span>
<span id="301">301</span>
<span id="302">302</span>
<span id="303">303</span>
<span id="304">304</span>
<span id="305">305</span>
<span id="306">306</span>
<span id="307">307</span>
<span id="308">308</span>
<span id="309">309</span>
<span id="310">310</span>
<span id="311">311</span>
<span id="312">312</span>
<span id="313">313</span>
<span id="314">314</span>
<span id="315">315</span>
<span id="316">316</span>
<span id="317">317</span>
<span id="318">318</span>
<span id="319">319</span>
<span id="320">320</span>
<span id="321">321</span>
<span id="322">322</span>
<span id="323">323</span>
<span id="324">324</span>
<span id="325">325</span>
<span id="326">326</span>
<span id="327">327</span>
<span id="328">328</span>
<span id="329">329</span>
<span id="330">330</span>
<span id="331">331</span>
<span id="332">332</span>
<span id="333">333</span>
<span id="334">334</span>
<span id="335">335</span>
<span id="336">336</span>
<span id="337">337</span>
<span id="338">338</span>
<span id="339">339</span>
<span id="340">340</span>
<span id="341">341</span>
<span id="342">342</span>
<span id="343">343</span>
<span id="344">344</span>
<span id="345">345</span>
<span id="346">346</span>
<span id="347">347</span>
<span id="348">348</span>
<span id="349">349</span>
<span id="350">350</span>
<span id="351">351</span>
<span id="352">352</span>
<span id="353">353</span>
<span id="354">354</span>
<span id="355">355</span>
<span id="356">356</span>
<span id="357">357</span>
<span id="358">358</span>
<span id="359">359</span>
<span id="360">360</span>
<span id="361">361</span>
<span id="362">362</span>
<span id="363">363</span>
<span id="364">364</span>
<span id="365">365</span>
<span id="366">366</span>
<span id="367">367</span>
<span id="368">368</span>
<span id="369">369</span>
</pre><pre class="rust"><code><span class="doccomment">//! Configuration options to tune the behaviour of [`SessionMiddleware`].</span>
<span class="kw">use</span> <span class="ident">actix_web::cookie</span>::{<span class="ident">time::Duration</span>, <span class="ident">Key</span>, <span class="ident">SameSite</span>};
<span class="kw">use</span> <span class="kw">crate</span>::{<span class="ident">storage::SessionStore</span>, <span class="ident">SessionMiddleware</span>};
<span class="doccomment">/// Determines what type of session cookie should be used and how its lifecycle should be managed.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Used by [`SessionMiddlewareBuilder::session_lifecycle`].</span>
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Debug</span>, <span class="ident">Clone</span>)]</span>
<span class="attribute">#[<span class="ident">non_exhaustive</span>]</span>
<span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">SessionLifecycle</span> {
<span class="doccomment">/// The session cookie will expire when the current browser session ends.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// When does a browser session end? It depends on the browser! Chrome, for example, will often</span>
<span class="doccomment">/// continue running in the background when the browser is closed—session cookies are not</span>
<span class="doccomment">/// deleted and they will still be available when the browser is opened again.</span>
<span class="doccomment">/// Check the documentation of the browsers you are targeting for up-to-date information.</span>
<span class="ident">BrowserSession</span>(<span class="ident">BrowserSession</span>),
<span class="doccomment">/// The session cookie will be a [persistent cookie].</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Persistent cookies have a pre-determined lifetime, specified via the `Max-Age` or `Expires`</span>
<span class="doccomment">/// attribute. They do not disappear when the current browser session ends.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// [persistent cookie]: https://www.whitehatsec.com/glossary/content/persistent-session-cookie</span>
<span class="ident">PersistentSession</span>(<span class="ident">PersistentSession</span>),
}
<span class="kw">impl</span> <span class="ident">From</span><span class="op"><</span><span class="ident">BrowserSession</span><span class="op">></span> <span class="kw">for</span> <span class="ident">SessionLifecycle</span> {
<span class="kw">fn</span> <span class="ident">from</span>(<span class="ident">session</span>: <span class="ident">BrowserSession</span>) -> <span class="self">Self</span> {
<span class="ident"><span class="self">Self</span>::BrowserSession</span>(<span class="ident">session</span>)
}
}
<span class="kw">impl</span> <span class="ident">From</span><span class="op"><</span><span class="ident">PersistentSession</span><span class="op">></span> <span class="kw">for</span> <span class="ident">SessionLifecycle</span> {
<span class="kw">fn</span> <span class="ident">from</span>(<span class="ident">session</span>: <span class="ident">PersistentSession</span>) -> <span class="self">Self</span> {
<span class="ident"><span class="self">Self</span>::PersistentSession</span>(<span class="ident">session</span>)
}
}
<span class="doccomment">/// A [session lifecycle](SessionLifecycle) strategy where the session cookie expires when the</span>
<span class="doccomment">/// browser's current session ends.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// When does a browser session end? It depends on the browser. Chrome, for example, will often</span>
<span class="doccomment">/// continue running in the background when the browser is closed—session cookies are not deleted</span>
<span class="doccomment">/// and they will still be available when the browser is opened again. Check the documentation of</span>
<span class="doccomment">/// the browsers you are targeting for up-to-date information.</span>
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Debug</span>, <span class="ident">Clone</span>)]</span>
<span class="kw">pub</span> <span class="kw">struct</span> <span class="ident">BrowserSession</span> {
<span class="ident">state_ttl</span>: <span class="ident">Duration</span>,
<span class="ident">state_ttl_extension_policy</span>: <span class="ident">TtlExtensionPolicy</span>,
}
<span class="kw">impl</span> <span class="ident">BrowserSession</span> {
<span class="doccomment">/// Sets a time-to-live (TTL) when storing the session state in the storage backend.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// We do not want to store session states indefinitely, otherwise we will inevitably run out of</span>
<span class="doccomment">/// storage by holding on to the state of countless abandoned or expired sessions!</span>
<span class="doccomment">///</span>
<span class="doccomment">/// We are dealing with the lifecycle of two uncorrelated object here: the session cookie</span>
<span class="doccomment">/// and the session state. It is not a big issue if the session state outlives the cookie—</span>
<span class="doccomment">/// we are wasting some space in the backend storage, but it will be cleaned up eventually.</span>
<span class="doccomment">/// What happens, instead, if the cookie outlives the session state? A new session starts—</span>
<span class="doccomment">/// e.g. if sessions are being used for authentication, the user is de-facto logged out.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// It is not possible to predict with certainty how long a browser session is going to</span>
<span class="doccomment">/// last—you need to provide a reasonable upper bound. You do so via `state_ttl`—it dictates</span>
<span class="doccomment">/// what TTL should be used for session state when the lifecycle of the session cookie is</span>
<span class="doccomment">/// tied to the browser session length. [`SessionMiddleware`] will default to 1 day if</span>
<span class="doccomment">/// `state_ttl` is left unspecified.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// You can mitigate the risk of the session cookie outliving the session state by</span>
<span class="doccomment">/// specifying a more aggressive state TTL extension policy - check out</span>
<span class="doccomment">/// [`BrowserSession::state_ttl_extension_policy`] for more details.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">state_ttl</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">ttl</span>: <span class="ident">Duration</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">state_ttl</span> <span class="op">=</span> <span class="ident">ttl</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Determine under what circumstances the TTL of your session state should be extended.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Defaults to [`TtlExtensionPolicy::OnStateChanges`] if left unspecified.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// See [`TtlExtensionPolicy`] for more details.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">state_ttl_extension_policy</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">ttl_extension_policy</span>: <span class="ident">TtlExtensionPolicy</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">state_ttl_extension_policy</span> <span class="op">=</span> <span class="ident">ttl_extension_policy</span>;
<span class="self">self</span>
}
}
<span class="kw">impl</span> <span class="ident">Default</span> <span class="kw">for</span> <span class="ident">BrowserSession</span> {
<span class="kw">fn</span> <span class="ident">default</span>() -> <span class="self">Self</span> {
<span class="self">Self</span> {
<span class="ident">state_ttl</span>: <span class="ident">default_ttl</span>(),
<span class="ident">state_ttl_extension_policy</span>: <span class="ident">default_ttl_extension_policy</span>(),
}
}
}
<span class="doccomment">/// A [session lifecycle](SessionLifecycle) strategy where the session cookie will be [persistent].</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Persistent cookies have a pre-determined expiration, specified via the `Max-Age` or `Expires`</span>
<span class="doccomment">/// attribute. They do not disappear when the current browser session ends.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// [persistent]: https://www.whitehatsec.com/glossary/content/persistent-session-cookie</span>
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Debug</span>, <span class="ident">Clone</span>)]</span>
<span class="kw">pub</span> <span class="kw">struct</span> <span class="ident">PersistentSession</span> {
<span class="ident">session_ttl</span>: <span class="ident">Duration</span>,
<span class="ident">ttl_extension_policy</span>: <span class="ident">TtlExtensionPolicy</span>,
}
<span class="kw">impl</span> <span class="ident">PersistentSession</span> {
<span class="doccomment">/// Specifies how long the session cookie should live.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Defaults to 1 day if left unspecified.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// The session TTL is also used as the TTL for the session state in the storage backend.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// A persistent session can live more than the specified TTL if the TTL is extended.</span>
<span class="doccomment">/// See [`session_ttl_extension_policy`](Self::session_ttl_extension_policy) for more details.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">session_ttl</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">session_ttl</span>: <span class="ident">Duration</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">session_ttl</span> <span class="op">=</span> <span class="ident">session_ttl</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Determines under what circumstances the TTL of your session should be extended.</span>
<span class="doccomment">/// See [`TtlExtensionPolicy`] for more details.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Defaults to [`TtlExtensionPolicy::OnStateChanges`] if left unspecified.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">session_ttl_extension_policy</span>(
<span class="kw-2">mut</span> <span class="self">self</span>,
<span class="ident">ttl_extension_policy</span>: <span class="ident">TtlExtensionPolicy</span>,
) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">ttl_extension_policy</span> <span class="op">=</span> <span class="ident">ttl_extension_policy</span>;
<span class="self">self</span>
}
}
<span class="kw">impl</span> <span class="ident">Default</span> <span class="kw">for</span> <span class="ident">PersistentSession</span> {
<span class="kw">fn</span> <span class="ident">default</span>() -> <span class="self">Self</span> {
<span class="self">Self</span> {
<span class="ident">session_ttl</span>: <span class="ident">default_ttl</span>(),
<span class="ident">ttl_extension_policy</span>: <span class="ident">default_ttl_extension_policy</span>(),
}
}
}
<span class="doccomment">/// Configuration for which events should trigger an extension of the time-to-live for your session.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// If you are using a [`BrowserSession`], `TtlExtensionPolicy` controls how often the TTL of</span>
<span class="doccomment">/// the session state should be refreshed. The browser is in control of the lifecycle of the</span>
<span class="doccomment">/// session cookie.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// If you are using a [`PersistentSession`], `TtlExtensionPolicy` controls both the expiration</span>
<span class="doccomment">/// of the session cookie and the TTL of the session state.</span>
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Debug</span>, <span class="ident">Clone</span>)]</span>
<span class="attribute">#[<span class="ident">non_exhaustive</span>]</span>
<span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">TtlExtensionPolicy</span> {
<span class="doccomment">/// The TTL is refreshed every time the server receives a request associated with a session.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// # Performance impact</span>
<span class="doccomment">/// Refreshing the TTL on every request is not free.</span>
<span class="doccomment">/// It implies a refresh of the TTL on the session state. This translates into a request over</span>
<span class="doccomment">/// the network if you are using a remote system as storage backend (e.g. Redis).</span>
<span class="doccomment">/// This impacts both the total load on your storage backend (i.e. number of</span>
<span class="doccomment">/// queries it has to handle) and the latency of the requests served by your server.</span>
<span class="ident">OnEveryRequest</span>,
<span class="doccomment">/// The TTL is refreshed every time the session state changes or the session key is renewed.</span>
<span class="ident">OnStateChanges</span>,
}
<span class="doccomment">/// Determines how to secure the content of the session cookie.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Used by [`SessionMiddlewareBuilder::cookie_content_security`].</span>
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Debug</span>, <span class="ident">Clone</span>, <span class="ident">Copy</span>)]</span>
<span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">CookieContentSecurity</span> {
<span class="doccomment">/// The cookie content is encrypted when using `CookieContentSecurity::Private`.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Encryption guarantees confidentiality and integrity: the client cannot tamper with the</span>
<span class="doccomment">/// cookie content nor decode it, as long as the encryption key remains confidential.</span>
<span class="ident">Private</span>,
<span class="doccomment">/// The cookie content is signed when using `CookieContentSecurity::Signed`.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Signing guarantees integrity, but it doesn't ensure confidentiality: the client cannot</span>
<span class="doccomment">/// tamper with the cookie content, but they can read it.</span>
<span class="ident">Signed</span>,
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">const</span> <span class="kw">fn</span> <span class="ident">default_ttl</span>() -> <span class="ident">Duration</span> {
<span class="ident">Duration::days</span>(<span class="number">1</span>)
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">const</span> <span class="kw">fn</span> <span class="ident">default_ttl_extension_policy</span>() -> <span class="ident">TtlExtensionPolicy</span> {
<span class="ident">TtlExtensionPolicy::OnStateChanges</span>
}
<span class="doccomment">/// A fluent builder to construct a [`SessionMiddleware`] instance with custom configuration</span>
<span class="doccomment">/// parameters.</span>
<span class="attribute">#[<span class="ident">must_use</span>]</span>
<span class="kw">pub</span> <span class="kw">struct</span> <span class="ident">SessionMiddlewareBuilder</span><span class="op"><</span><span class="ident">Store</span>: <span class="ident">SessionStore</span><span class="op">></span> {
<span class="ident">storage_backend</span>: <span class="ident">Store</span>,
<span class="ident">configuration</span>: <span class="ident">Configuration</span>,
}
<span class="kw">impl</span><span class="op"><</span><span class="ident">Store</span>: <span class="ident">SessionStore</span><span class="op">></span> <span class="ident">SessionMiddlewareBuilder</span><span class="op"><</span><span class="ident">Store</span><span class="op">></span> {
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn</span> <span class="ident">new</span>(<span class="ident">store</span>: <span class="ident">Store</span>, <span class="ident">configuration</span>: <span class="ident">Configuration</span>) -> <span class="self">Self</span> {
<span class="self">Self</span> {
<span class="ident">storage_backend</span>: <span class="ident">store</span>,
<span class="ident">configuration</span>,
}
}
<span class="doccomment">/// Set the name of the cookie used to store the session ID.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Defaults to `id`.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_name</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">name</span>: <span class="ident">String</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">name</span> <span class="op">=</span> <span class="ident">name</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Set the `Secure` attribute for the cookie used to store the session ID.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// If the cookie is set as secure, it will only be transmitted when the connection is secure</span>
<span class="doccomment">/// (using `https`).</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Default is `true`.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_secure</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">secure</span>: <span class="ident">bool</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">secure</span> <span class="op">=</span> <span class="ident">secure</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Determines what type of session cookie should be used and how its lifecycle should be managed.</span>
<span class="doccomment">/// Check out [`SessionLifecycle`]'s documentation for more details on the available options.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Default is [`SessionLifecycle::BrowserSession`].</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">session_lifecycle</span><span class="op"><</span><span class="ident">S</span>: <span class="ident">Into</span><span class="op"><</span><span class="ident">SessionLifecycle</span><span class="op">></span><span class="op">></span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">session_lifecycle</span>: <span class="ident">S</span>) -> <span class="self">Self</span> {
<span class="kw">match</span> <span class="ident">session_lifecycle</span>.<span class="ident">into</span>() {
<span class="ident">SessionLifecycle::BrowserSession</span>(<span class="ident">BrowserSession</span> {
<span class="ident">state_ttl</span>,
<span class="ident">state_ttl_extension_policy</span>,
}) => {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">max_age</span> <span class="op">=</span> <span class="prelude-val">None</span>;
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">session</span>.<span class="ident">state_ttl</span> <span class="op">=</span> <span class="ident">state_ttl</span>;
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">ttl_extension_policy</span> <span class="op">=</span> <span class="ident">state_ttl_extension_policy</span>;
}
<span class="ident">SessionLifecycle::PersistentSession</span>(<span class="ident">PersistentSession</span> {
<span class="ident">session_ttl</span>,
<span class="ident">ttl_extension_policy</span>,
}) => {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">max_age</span> <span class="op">=</span> <span class="prelude-val">Some</span>(<span class="ident">session_ttl</span>);
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">session</span>.<span class="ident">state_ttl</span> <span class="op">=</span> <span class="ident">session_ttl</span>;
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">ttl_extension_policy</span> <span class="op">=</span> <span class="ident">ttl_extension_policy</span>;
}
}
<span class="self">self</span>
}
<span class="doccomment">/// Set the `SameSite` attribute for the cookie used to store the session ID.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// By default, the attribute is set to `Lax`.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_same_site</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">same_site</span>: <span class="ident">SameSite</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">same_site</span> <span class="op">=</span> <span class="ident">same_site</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Set the `Path` attribute for the cookie used to store the session ID.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// By default, the attribute is set to `/`.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_path</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">path</span>: <span class="ident">String</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">path</span> <span class="op">=</span> <span class="ident">path</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Set the `Domain` attribute for the cookie used to store the session ID.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Use `None` to leave the attribute unspecified. If unspecified, the attribute defaults</span>
<span class="doccomment">/// to the same host that set the cookie, excluding subdomains.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// By default, the attribute is left unspecified.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_domain</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">domain</span>: <span class="prelude-ty">Option</span><span class="op"><</span><span class="ident">String</span><span class="op">></span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">domain</span> <span class="op">=</span> <span class="ident">domain</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Choose how the session cookie content should be secured.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// - [`CookieContentSecurity::Private`] selects encrypted cookie content.</span>
<span class="doccomment">/// - [`CookieContentSecurity::Signed`] selects signed cookie content.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// # Default</span>
<span class="doccomment">/// By default, the cookie content is encrypted. Encrypted was chosen instead of signed as</span>
<span class="doccomment">/// default because it reduces the chances of sensitive information being exposed in the session</span>
<span class="doccomment">/// key by accident, regardless of [`SessionStore`] implementation you chose to use.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// For example, if you are using cookie-based storage, you definitely want the cookie content</span>
<span class="doccomment">/// to be encrypted—the whole session state is embedded in the cookie! If you are using</span>
<span class="doccomment">/// Redis-based storage, signed is more than enough - the cookie content is just a unique</span>
<span class="doccomment">/// tamper-proof session key.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_content_security</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">content_security</span>: <span class="ident">CookieContentSecurity</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">content_security</span> <span class="op">=</span> <span class="ident">content_security</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Set the `HttpOnly` attribute for the cookie used to store the session ID.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// If the cookie is set as `HttpOnly`, it will not be visible to any JavaScript snippets</span>
<span class="doccomment">/// running in the browser.</span>
<span class="doccomment">///</span>
<span class="doccomment">/// Default is `true`.</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">cookie_http_only</span>(<span class="kw-2">mut</span> <span class="self">self</span>, <span class="ident">http_only</span>: <span class="ident">bool</span>) -> <span class="self">Self</span> {
<span class="self">self</span>.<span class="ident">configuration</span>.<span class="ident">cookie</span>.<span class="ident">http_only</span> <span class="op">=</span> <span class="ident">http_only</span>;
<span class="self">self</span>
}
<span class="doccomment">/// Finalise the builder and return a [`SessionMiddleware`] instance.</span>
<span class="attribute">#[<span class="ident">must_use</span>]</span>
<span class="kw">pub</span> <span class="kw">fn</span> <span class="ident">build</span>(<span class="self">self</span>) -> <span class="ident">SessionMiddleware</span><span class="op"><</span><span class="ident">Store</span><span class="op">></span> {
<span class="ident">SessionMiddleware::from_parts</span>(<span class="self">self</span>.<span class="ident">storage_backend</span>, <span class="self">self</span>.<span class="ident">configuration</span>)
}
}
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Clone</span>)]</span>
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">struct</span> <span class="ident">Configuration</span> {
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">cookie</span>: <span class="ident">CookieConfiguration</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">session</span>: <span class="ident">SessionConfiguration</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">ttl_extension_policy</span>: <span class="ident">TtlExtensionPolicy</span>,
}
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Clone</span>)]</span>
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">struct</span> <span class="ident">SessionConfiguration</span> {
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">state_ttl</span>: <span class="ident">Duration</span>,
}
<span class="attribute">#[<span class="ident">derive</span>(<span class="ident">Clone</span>)]</span>
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">struct</span> <span class="ident">CookieConfiguration</span> {
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">secure</span>: <span class="ident">bool</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">http_only</span>: <span class="ident">bool</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">name</span>: <span class="ident">String</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">same_site</span>: <span class="ident">SameSite</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">path</span>: <span class="ident">String</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">domain</span>: <span class="prelude-ty">Option</span><span class="op"><</span><span class="ident">String</span><span class="op">></span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">max_age</span>: <span class="prelude-ty">Option</span><span class="op"><</span><span class="ident">Duration</span><span class="op">></span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">content_security</span>: <span class="ident">CookieContentSecurity</span>,
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="ident">key</span>: <span class="ident">Key</span>,
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn</span> <span class="ident">default_configuration</span>(<span class="ident">key</span>: <span class="ident">Key</span>) -> <span class="ident">Configuration</span> {
<span class="ident">Configuration</span> {
<span class="ident">cookie</span>: <span class="ident">CookieConfiguration</span> {
<span class="ident">secure</span>: <span class="bool-val">true</span>,
<span class="ident">http_only</span>: <span class="bool-val">true</span>,
<span class="ident">name</span>: <span class="string">"id"</span>.<span class="ident">into</span>(),
<span class="ident">same_site</span>: <span class="ident">SameSite::Lax</span>,
<span class="ident">path</span>: <span class="string">"/"</span>.<span class="ident">into</span>(),
<span class="ident">domain</span>: <span class="prelude-val">None</span>,
<span class="ident">max_age</span>: <span class="prelude-val">None</span>,
<span class="ident">content_security</span>: <span class="ident">CookieContentSecurity::Private</span>,
<span class="ident">key</span>,
},
<span class="ident">session</span>: <span class="ident">SessionConfiguration</span> {
<span class="ident">state_ttl</span>: <span class="ident">default_ttl</span>(),
},
<span class="ident">ttl_extension_policy</span>: <span class="ident">default_ttl_extension_policy</span>(),
}
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="actix_session" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0-nightly (0f4bcadb4 2022-07-30)" ></div></body></html>