Struct actix_session::config::BrowserSession
source · pub struct BrowserSession { /* private fields */ }
Expand description
A session lifecycle strategy where the session cookie expires when the browser’s current session ends.
When does a browser session end? It depends on the browser. Chrome, for example, will often continue running in the background when the browser is closed—session cookies are not deleted and they will still be available when the browser is opened again. Check the documentation of the browsers you are targeting for up-to-date information.
Due to its Into<SessionLifecycle>
implementation, a BrowserSession
can be passed directly
to SessionMiddlewareBuilder::session_lifecycle()
.
Implementations§
source§impl BrowserSession
impl BrowserSession
sourcepub fn state_ttl(self, ttl: Duration) -> Self
pub fn state_ttl(self, ttl: Duration) -> Self
Sets a time-to-live (TTL) when storing the session state in the storage backend.
We do not want to store session states indefinitely, otherwise we will inevitably run out of storage by holding on to the state of countless abandoned or expired sessions!
We are dealing with the lifecycle of two uncorrelated object here: the session cookie and the session state. It is not a big issue if the session state outlives the cookie— we are wasting some space in the backend storage, but it will be cleaned up eventually. What happens, instead, if the cookie outlives the session state? A new session starts— e.g. if sessions are being used for authentication, the user is de-facto logged out.
It is not possible to predict with certainty how long a browser session is going to
last—you need to provide a reasonable upper bound. You do so via state_ttl
—it dictates
what TTL should be used for session state when the lifecycle of the session cookie is
tied to the browser session length. SessionMiddleware
will default to 1 day if
state_ttl
is left unspecified.
You can mitigate the risk of the session cookie outliving the session state by
specifying a more aggressive state TTL extension policy - check out
BrowserSession::state_ttl_extension_policy
for more details.
sourcepub fn state_ttl_extension_policy(
self,
ttl_extension_policy: TtlExtensionPolicy
) -> Self
pub fn state_ttl_extension_policy( self, ttl_extension_policy: TtlExtensionPolicy ) -> Self
Determine under what circumstances the TTL of your session state should be extended.
Defaults to TtlExtensionPolicy::OnStateChanges
if left unspecified.
See TtlExtensionPolicy
for more details.
Trait Implementations§
source§impl Clone for BrowserSession
impl Clone for BrowserSession
source§fn clone(&self) -> BrowserSession
fn clone(&self) -> BrowserSession
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more