mirror of
https://github.com/actix/actix-extras.git
synced 2024-12-04 20:11:55 +01:00
114 lines
14 KiB
HTML
114 lines
14 KiB
HTML
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Session management for Actix Web."><title>actix_session - Rust</title><script>if(window.location.protocol!=="file:")document.head.insertAdjacentHTML("beforeend","SourceSerif4-Regular-46f98efaafac5295.ttf.woff2,FiraSans-Regular-018c141bf0843ffd.woff2,FiraSans-Medium-8f9a781e4970d388.woff2,SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2,SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2".split(",").map(f=>`<link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/${f}">`).join(""))</script><link rel="stylesheet" href="../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../static.files/rustdoc-dd39b87e5fcfba68.css"><meta name="rustdoc-vars" data-root-path="../" data-static-root-path="../static.files/" data-current-crate="actix_session" data-themes="" data-resource-suffix="" data-rustdoc-version="1.81.0-nightly (f21554f7f 2024-06-08)" data-channel="nightly" data-search-js="search-9d4fa2dd5e5a7e17.js" data-settings-js="settings-4313503d2e1961c2.js" ><script src="../static.files/storage-118b08c4c78b968e.js"></script><script defer src="../crates.js"></script><script defer src="../static.files/main-20a3ad099b048cf2.js"></script><noscript><link rel="stylesheet" href="../static.files/noscript-df360f571f6edeae.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc mod crate"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle" title="show sidebar"></button><a class="logo-container" href="../actix_session/index.html"><img src="https://actix.rs/img/logo.png" alt=""></a></nav><nav class="sidebar"><div class="sidebar-crate"><a class="logo-container" href="../actix_session/index.html"><img src="https://actix.rs/img/logo.png" alt="logo"></a><h2><a href="../actix_session/index.html">actix_session</a><span class="version">0.9.0</span></h2></div><div class="sidebar-elems"><ul class="block"><li><a id="all-types" href="all.html">All Items</a></li></ul><section><ul class="block"><li><a href="#modules">Modules</a></li><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></section></div></nav><div class="sidebar-resizer"></div><main><div class="width-limiter"><rustdoc-search></rustdoc-search><section id="main-content" class="content"><div class="main-heading"><h1>Crate <a class="mod" href="#">actix_session</a><button id="copy-path" title="Copy item path to clipboard">Copy item path</button></h1><span class="out-of-band"><a class="src" href="../src/actix_session/lib.rs.html#1-740">source</a> · <button id="toggle-all-docs" title="collapse all docs">[<span>−</span>]</button></span></div><details class="toggle top-doc" open><summary class="hideme"><span>Expand description</span></summary><div class="docblock"><p>Session management for Actix Web.</p>
|
||
<p>The HTTP protocol, at a first glance, is stateless: the client sends a request, the server
|
||
parses its content, performs some processing and returns a response. The outcome is only
|
||
influenced by the provided inputs (i.e. the request content) and whatever state the server
|
||
queries while performing its processing.</p>
|
||
<p>Stateless systems are easier to reason about, but they are not quite as powerful as we need them
|
||
to be - e.g. how do you authenticate a user? The user would be forced to authenticate <strong>for
|
||
every single request</strong>. That is, for example, how ‘Basic’ Authentication works. While it may
|
||
work for a machine user (i.e. an API client), it is impractical for a person—you do not want a
|
||
login prompt on every single page you navigate to!</p>
|
||
<p>There is a solution - <strong>sessions</strong>. Using sessions the server can attach state to a set of
|
||
requests coming from the same client. They are built on top of cookies - the server sets a
|
||
cookie in the HTTP response (<code>Set-Cookie</code> header), the client (e.g. the browser) will store the
|
||
cookie and play it back to the server when sending new requests (using the <code>Cookie</code> header).</p>
|
||
<p>We refer to the cookie used for sessions as a <strong>session cookie</strong>. Its content is called
|
||
<strong>session key</strong> (or <strong>session ID</strong>), while the state attached to the session is referred to as
|
||
<strong>session state</strong>.</p>
|
||
<p><code>actix-session</code> provides an easy-to-use framework to manage sessions in applications built on
|
||
top of Actix Web. <a href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware"><code>SessionMiddleware</code></a> is the middleware underpinning the functionality
|
||
provided by <code>actix-session</code>; it takes care of all the session cookie handling and instructs the
|
||
<strong>storage backend</strong> to create/delete/update the session state based on the operations performed
|
||
against the active <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a>.</p>
|
||
<p><code>actix-session</code> provides some built-in storage backends: (<a href="storage/struct.CookieSessionStore.html" title="struct actix_session::storage::CookieSessionStore"><code>CookieSessionStore</code></a>,
|
||
<a href="storage/struct.RedisSessionStore.html" title="struct actix_session::storage::RedisSessionStore"><code>RedisSessionStore</code></a>, and <a href="storage::RedisActorSessionStore"><code>RedisActorSessionStore</code></a>) - you can create a custom storage backend
|
||
by implementing the <a href="storage/trait.SessionStore.html" title="trait actix_session::storage::SessionStore"><code>SessionStore</code></a> trait.</p>
|
||
<p>Further reading on sessions:</p>
|
||
<ul>
|
||
<li><a href="https://datatracker.ietf.org/doc/html/rfc6265">RFC 6265</a>;</li>
|
||
<li><a href="https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html">OWASP’s session management cheat-sheet</a>.</li>
|
||
</ul>
|
||
<h2 id="getting-started"><a class="doc-anchor" href="#getting-started">§</a>Getting started</h2>
|
||
<p>To start using sessions in your Actix Web application you must register <a href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware"><code>SessionMiddleware</code></a>
|
||
as a middleware on your <code>App</code>:</p>
|
||
|
||
<div class="example-wrap"><pre class="rust rust-example-rendered"><code><span class="kw">use </span>actix_web::{web, App, HttpServer, HttpResponse, Error};
|
||
<span class="kw">use </span>actix_session::{Session, SessionMiddleware, storage::RedisSessionStore};
|
||
<span class="kw">use </span>actix_web::cookie::Key;
|
||
|
||
<span class="attr">#[actix_web::main]
|
||
</span><span class="kw">async fn </span>main() -> std::io::Result<()> {
|
||
<span class="comment">// When using `Key::generate()` it is important to initialize outside of the
|
||
// `HttpServer::new` closure. When deployed the secret key should be read from a
|
||
// configuration file or environment variables.
|
||
</span><span class="kw">let </span>secret_key = Key::generate();
|
||
|
||
<span class="kw">let </span>redis_store = RedisSessionStore::new(<span class="string">"redis://127.0.0.1:6379"</span>)
|
||
.<span class="kw">await
|
||
</span>.unwrap();
|
||
|
||
HttpServer::new(<span class="kw">move </span>||
|
||
App::new()
|
||
<span class="comment">// Add session management to your application using Redis for session state storage
|
||
</span>.wrap(
|
||
SessionMiddleware::new(
|
||
redis_store.clone(),
|
||
secret_key.clone(),
|
||
)
|
||
)
|
||
.default_service(web::to(|| HttpResponse::Ok())))
|
||
.bind((<span class="string">"127.0.0.1"</span>, <span class="number">8080</span>))<span class="question-mark">?
|
||
</span>.run()
|
||
.<span class="kw">await
|
||
</span>}</code></pre></div>
|
||
<p>The session state can be accessed and modified by your request handlers using the <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a>
|
||
extractor. Note that this doesn’t work in the stream of a streaming response.</p>
|
||
|
||
<div class="example-wrap"><pre class="rust rust-example-rendered"><code><span class="kw">use </span>actix_web::Error;
|
||
<span class="kw">use </span>actix_session::Session;
|
||
|
||
<span class="kw">fn </span>index(session: Session) -> <span class="prelude-ty">Result</span><<span class="kw-2">&</span><span class="lifetime">'static </span>str, Error> {
|
||
<span class="comment">// access the session state
|
||
</span><span class="kw">if let </span><span class="prelude-val">Some</span>(count) = session.get::<i32>(<span class="string">"counter"</span>)<span class="question-mark">? </span>{
|
||
<span class="macro">println!</span>(<span class="string">"SESSION value: {}"</span>, count);
|
||
<span class="comment">// modify the session state
|
||
</span>session.insert(<span class="string">"counter"</span>, count + <span class="number">1</span>)<span class="question-mark">?</span>;
|
||
} <span class="kw">else </span>{
|
||
session.insert(<span class="string">"counter"</span>, <span class="number">1</span>)<span class="question-mark">?</span>;
|
||
}
|
||
|
||
<span class="prelude-val">Ok</span>(<span class="string">"Welcome!"</span>)
|
||
}</code></pre></div>
|
||
<h2 id="choosing-a-backend"><a class="doc-anchor" href="#choosing-a-backend">§</a>Choosing A Backend</h2>
|
||
<p>By default, <code>actix-session</code> does not provide any storage backend to retrieve and save the state
|
||
attached to your sessions. You can enable:</p>
|
||
<ul>
|
||
<li>
|
||
<p>a purely cookie-based “backend”, <a href="storage/struct.CookieSessionStore.html" title="struct actix_session::storage::CookieSessionStore"><code>CookieSessionStore</code></a>, using the <code>cookie-session</code> feature
|
||
flag.</p>
|
||
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
|
||
# ...
|
||
actix-session = { version = "...", features = ["cookie-session"] }
|
||
</code></pre></div></li>
|
||
<li>
|
||
<p>a Redis-based backend via <a href="https://docs.rs/redis-rs"><code>redis-rs</code></a>, <a href="storage/struct.RedisSessionStore.html" title="struct actix_session::storage::RedisSessionStore"><code>RedisSessionStore</code></a>, using
|
||
the <code>redis-rs-session</code> feature flag.</p>
|
||
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
|
||
# ...
|
||
actix-session = { version = "...", features = ["redis-rs-session"] }
|
||
</code></pre></div>
|
||
<p>Add the <code>redis-rs-tls-session</code> feature flag if you want to connect to Redis using a secured
|
||
connection (via the <code>native-tls</code> crate):</p>
|
||
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
|
||
# ...
|
||
actix-session = { version = "...", features = ["redis-rs-tls-session"] }
|
||
</code></pre></div>
|
||
<p>If you instead prefer depending on <code>rustls</code>, use the <code>redis-rs-tls-session-rustls</code> feature flag:</p>
|
||
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
|
||
# ...
|
||
actix-session = { version = "...", features = ["redis-rs-tls-session-rustls"] }
|
||
</code></pre></div></li>
|
||
</ul>
|
||
<p>You can implement your own session storage backend using the <a href="storage/trait.SessionStore.html" title="trait actix_session::storage::SessionStore"><code>SessionStore</code></a> trait.</p>
|
||
</div></details><h2 id="modules" class="section-header">Modules<a href="#modules" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="mod" href="config/index.html" title="mod actix_session::config">config</a></div><div class="desc docblock-short">Configuration options to tune the behaviour of <a href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware"><code>SessionMiddleware</code></a>.</div></li><li><div class="item-name"><a class="mod" href="storage/index.html" title="mod actix_session::storage">storage</a></div><div class="desc docblock-short">Pluggable storage backends for session state.</div></li></ul><h2 id="structs" class="section-header">Structs<a href="#structs" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="struct" href="struct.Session.html" title="struct actix_session::Session">Session</a></div><div class="desc docblock-short">The primary interface to access and modify session state.</div></li><li><div class="item-name"><a class="struct" href="struct.SessionGetError.html" title="struct actix_session::SessionGetError">SessionGetError</a></div><div class="desc docblock-short">Error returned by <a href="struct.Session.html#method.get" title="method actix_session::Session::get"><code>Session::get</code></a>.</div></li><li><div class="item-name"><a class="struct" href="struct.SessionInsertError.html" title="struct actix_session::SessionInsertError">SessionInsertError</a></div><div class="desc docblock-short">Error returned by <a href="struct.Session.html#method.insert" title="method actix_session::Session::insert"><code>Session::insert</code></a>.</div></li><li><div class="item-name"><a class="struct" href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware">SessionMiddleware</a></div><div class="desc docblock-short">A middleware for session management in Actix Web applications.</div></li></ul><h2 id="enums" class="section-header">Enums<a href="#enums" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="enum" href="enum.SessionStatus.html" title="enum actix_session::SessionStatus">SessionStatus</a></div><div class="desc docblock-short">Status of a <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a>.</div></li></ul><h2 id="traits" class="section-header">Traits<a href="#traits" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="trait" href="trait.SessionExt.html" title="trait actix_session::SessionExt">SessionExt</a></div><div class="desc docblock-short">Extract a <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a> object from various <code>actix-web</code> types (e.g. <code>HttpRequest</code>,
|
||
<code>ServiceRequest</code>, <code>ServiceResponse</code>).</div></li></ul></section></div></main></body></html> |