Crate actix_session
source · [−]Expand description
Session management for Actix Web
The HTTP protocol, at a first glance, is stateless: the client sends a request, the server parses its content, performs some processing and returns a response. The outcome is only influenced by the provided inputs (i.e. the request content) and whatever state the server queries while performing its processing.
Stateless systems are easier to reason about, but they are not quite as powerful as we need to be - e.g. how do you authenticate a user? The user would be forced to authenticate for every single request. That is, for example, how ‘Basic’ Authentication works. While it may work for a machine user (i.e. an API client), it is impractical for a person—you do not want a login prompt on every single page you navigate to!
There is a solution - sessions. Using sessions the server can attach state to a set of
requests coming from the same client. They are built on top of cookies - the server sets a
cookie in the HTTP response (Set-Cookie
header), the client (e.g. the browser) will store the
cookie and play it back to the server when sending new requests (using the Cookie
header).
We refer to the cookie used for sessions as a session cookie. Its content is called session key (or session ID), while the state attached to the session is referred to as session state.
actix-session
provides an easy-to-use framework to manage sessions in applications built on
top of Actix Web. SessionMiddleware
is the middleware underpinning the functionality
provided by actix-session
; it takes care of all the session cookie handling and instructs the
storage backend to create/delete/update the session state based on the operations performed
against the active Session
.
actix-session
provides some built-in storage backends: (storage::CookieSessionStore
,
storage::RedisSessionStore
, and storage::RedisActorSessionStore
) - you can create a
custom storage backend by implementing the SessionStore
trait.
Further reading on sessions:
Getting started
To start using sessions in your Actix Web application you must register SessionMiddleware
as a middleware on your App
:
use actix_web::{web, App, HttpServer, HttpResponse, Error};
use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
use actix_web::cookie::Key;
#[actix_web::main]
async fn main() -> std::io::Result<()> {
// The secret key would usually be read from a configuration file/environment variables.
let secret_key = Key::generate();
let redis_connection_string = "127.0.0.1:6379";
HttpServer::new(move ||
App::new()
// Add session management to your application using Redis for session state storage
.wrap(
SessionMiddleware::new(
RedisActorSessionStore::new(redis_connection_string),
secret_key.clone()
)
)
.default_service(web::to(|| HttpResponse::Ok())))
.bind(("127.0.0.1", 8080))?
.run()
.await
}
The session state can be accessed and modified by your request handlers using the Session
extractor.
use actix_web::Error;
use actix_session::Session;
fn index(session: Session) -> Result<&'static str, Error> {
// Access the session state
if let Some(count) = session.get::<i32>("counter")? {
println!("SESSION value: {}", count);
// Modify the session state
session.insert("counter", count + 1)?;
} else {
session.insert("counter", 1)?;
}
Ok("Welcome!")
}
Choosing A Backend
By default, actix-session
does not provide any storage backend to retrieve and save the state
attached to your sessions. You can enable:
- a purely cookie-based “backend”,
storage::CookieSessionStore
, using thecookie-session
feature flag.
[dependencies]
actix-session = { version = "...", features = ["cookie-session"] }
- a Redis-based backend via
actix-redis
,storage::RedisActorSessionStore
, using theredis-actor-session
feature flag.
[dependencies]
actix-session = { version = "...", features = ["redis-actor-session"] }
- a Redis-based backend via
redis-rs
,storage::RedisSessionStore
, using theredis-rs-session
feature flag.
[dependencies]
actix-session = { version = "...", features = ["redis-rs-session"] }
Add the redis-rs-tls-session
feature flag if you want to connect to Redis using a secured
connection:
[dependencies]
actix-session = { version = "...", features = ["redis-rs-session", "redis-rs-tls-session"] }
You can provide a different session store by implementing the storage::SessionStore
trait.
Modules
Pluggable storage backends for session state.
Structs
The primary interface to access and modify session state.
A middleware for session management in Actix Web applications.
A fluent builder to construct a SessionMiddleware
instance with custom configuration
parameters.
Enums
Used by SessionMiddlewareBuilder::cookie_content_security
to determine how to secure
the content of the session cookie.
Describes how long a session should last.
Status of a Session
.
Traits
Extract a Session
object from various actix-web
types (e.g. HttpRequest
,
ServiceRequest
, ServiceResponse
).