logo
pub struct SessionMiddlewareBuilder<Store: SessionStore> { /* private fields */ }
Expand description

A fluent, customized SessionMiddleware builder.

Implementations

Set the name of the cookie used to store the session ID.

Defaults to id.

Set the Secure attribute for the cookie used to store the session ID.

If the cookie is set as secure, it will only be transmitted when the connection is secure (using https).

Default is true.

Determines what type of session cookie should be used and how its lifecycle should be managed. Check out SessionLifecycle’s documentation for more details on the available options.

Default is SessionLifecycle::BrowserSession.

Examples
use actix_web::cookie::{Key, time::Duration};
use actix_session::{SessionMiddleware, config::PersistentSession};
use actix_session::storage::CookieSessionStore;

const SECS_IN_WEEK: i64 = 60 * 60 * 24 * 7;

// creates a session middleware with a time-to-live (expiry) of 1 week
SessionMiddleware::builder(CookieSessionStore::default(), Key::from(&[0; 64]))
    .session_lifecycle(
        PersistentSession::default().session_ttl(Duration::seconds(SECS_IN_WEEK))
    )
    .build();

Set the SameSite attribute for the cookie used to store the session ID.

By default, the attribute is set to Lax.

Set the Path attribute for the cookie used to store the session ID.

By default, the attribute is set to /.

Set the Domain attribute for the cookie used to store the session ID.

Use None to leave the attribute unspecified. If unspecified, the attribute defaults to the same host that set the cookie, excluding subdomains.

By default, the attribute is left unspecified.

Choose how the session cookie content should be secured.

Default

By default, the cookie content is encrypted. Encrypted was chosen instead of signed as default because it reduces the chances of sensitive information being exposed in the session key by accident, regardless of SessionStore implementation you chose to use.

For example, if you are using cookie-based storage, you definitely want the cookie content to be encrypted—the whole session state is embedded in the cookie! If you are using Redis-based storage, signed is more than enough - the cookie content is just a unique tamper-proof session key.

Set the HttpOnly attribute for the cookie used to store the session ID.

If the cookie is set as HttpOnly, it will not be visible to any JavaScript snippets running in the browser.

Default is true.

Finalise the builder and return a SessionMiddleware instance.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more