1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-12-04 20:11:55 +01:00
actix-extras/actix_session/index.html
2024-06-09 19:27:55 +00:00

114 lines
14 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Session management for Actix Web."><title>actix_session - Rust</title><script>if(window.location.protocol!=="file:")document.head.insertAdjacentHTML("beforeend","SourceSerif4-Regular-46f98efaafac5295.ttf.woff2,FiraSans-Regular-018c141bf0843ffd.woff2,FiraSans-Medium-8f9a781e4970d388.woff2,SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2,SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2".split(",").map(f=>`<link rel="preload" as="font" type="font/woff2" crossorigin href="../static.files/${f}">`).join(""))</script><link rel="stylesheet" href="../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../static.files/rustdoc-dd39b87e5fcfba68.css"><meta name="rustdoc-vars" data-root-path="../" data-static-root-path="../static.files/" data-current-crate="actix_session" data-themes="" data-resource-suffix="" data-rustdoc-version="1.81.0-nightly (f21554f7f 2024-06-08)" data-channel="nightly" data-search-js="search-9d4fa2dd5e5a7e17.js" data-settings-js="settings-4313503d2e1961c2.js" ><script src="../static.files/storage-118b08c4c78b968e.js"></script><script defer src="../crates.js"></script><script defer src="../static.files/main-20a3ad099b048cf2.js"></script><noscript><link rel="stylesheet" href="../static.files/noscript-df360f571f6edeae.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc mod crate"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle" title="show sidebar"></button><a class="logo-container" href="../actix_session/index.html"><img src="https://actix.rs/img/logo.png" alt=""></a></nav><nav class="sidebar"><div class="sidebar-crate"><a class="logo-container" href="../actix_session/index.html"><img src="https://actix.rs/img/logo.png" alt="logo"></a><h2><a href="../actix_session/index.html">actix_session</a><span class="version">0.9.0</span></h2></div><div class="sidebar-elems"><ul class="block"><li><a id="all-types" href="all.html">All Items</a></li></ul><section><ul class="block"><li><a href="#modules">Modules</a></li><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></section></div></nav><div class="sidebar-resizer"></div><main><div class="width-limiter"><rustdoc-search></rustdoc-search><section id="main-content" class="content"><div class="main-heading"><h1>Crate <a class="mod" href="#">actix_session</a><button id="copy-path" title="Copy item path to clipboard">Copy item path</button></h1><span class="out-of-band"><a class="src" href="../src/actix_session/lib.rs.html#1-740">source</a> · <button id="toggle-all-docs" title="collapse all docs">[<span>&#x2212;</span>]</button></span></div><details class="toggle top-doc" open><summary class="hideme"><span>Expand description</span></summary><div class="docblock"><p>Session management for Actix Web.</p>
<p>The HTTP protocol, at a first glance, is stateless: the client sends a request, the server
parses its content, performs some processing and returns a response. The outcome is only
influenced by the provided inputs (i.e. the request content) and whatever state the server
queries while performing its processing.</p>
<p>Stateless systems are easier to reason about, but they are not quite as powerful as we need them
to be - e.g. how do you authenticate a user? The user would be forced to authenticate <strong>for
every single request</strong>. That is, for example, how Basic Authentication works. While it may
work for a machine user (i.e. an API client), it is impractical for a person—you do not want a
login prompt on every single page you navigate to!</p>
<p>There is a solution - <strong>sessions</strong>. Using sessions the server can attach state to a set of
requests coming from the same client. They are built on top of cookies - the server sets a
cookie in the HTTP response (<code>Set-Cookie</code> header), the client (e.g. the browser) will store the
cookie and play it back to the server when sending new requests (using the <code>Cookie</code> header).</p>
<p>We refer to the cookie used for sessions as a <strong>session cookie</strong>. Its content is called
<strong>session key</strong> (or <strong>session ID</strong>), while the state attached to the session is referred to as
<strong>session state</strong>.</p>
<p><code>actix-session</code> provides an easy-to-use framework to manage sessions in applications built on
top of Actix Web. <a href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware"><code>SessionMiddleware</code></a> is the middleware underpinning the functionality
provided by <code>actix-session</code>; it takes care of all the session cookie handling and instructs the
<strong>storage backend</strong> to create/delete/update the session state based on the operations performed
against the active <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a>.</p>
<p><code>actix-session</code> provides some built-in storage backends: (<a href="storage/struct.CookieSessionStore.html" title="struct actix_session::storage::CookieSessionStore"><code>CookieSessionStore</code></a>,
<a href="storage/struct.RedisSessionStore.html" title="struct actix_session::storage::RedisSessionStore"><code>RedisSessionStore</code></a>, and <a href="storage::RedisActorSessionStore"><code>RedisActorSessionStore</code></a>) - you can create a custom storage backend
by implementing the <a href="storage/trait.SessionStore.html" title="trait actix_session::storage::SessionStore"><code>SessionStore</code></a> trait.</p>
<p>Further reading on sessions:</p>
<ul>
<li><a href="https://datatracker.ietf.org/doc/html/rfc6265">RFC 6265</a>;</li>
<li><a href="https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html">OWASPs session management cheat-sheet</a>.</li>
</ul>
<h2 id="getting-started"><a class="doc-anchor" href="#getting-started">§</a>Getting started</h2>
<p>To start using sessions in your Actix Web application you must register <a href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware"><code>SessionMiddleware</code></a>
as a middleware on your <code>App</code>:</p>
<div class="example-wrap"><pre class="rust rust-example-rendered"><code><span class="kw">use </span>actix_web::{web, App, HttpServer, HttpResponse, Error};
<span class="kw">use </span>actix_session::{Session, SessionMiddleware, storage::RedisSessionStore};
<span class="kw">use </span>actix_web::cookie::Key;
<span class="attr">#[actix_web::main]
</span><span class="kw">async fn </span>main() -&gt; std::io::Result&lt;()&gt; {
<span class="comment">// When using `Key::generate()` it is important to initialize outside of the
// `HttpServer::new` closure. When deployed the secret key should be read from a
// configuration file or environment variables.
</span><span class="kw">let </span>secret_key = Key::generate();
<span class="kw">let </span>redis_store = RedisSessionStore::new(<span class="string">"redis://127.0.0.1:6379"</span>)
.<span class="kw">await
</span>.unwrap();
HttpServer::new(<span class="kw">move </span>||
App::new()
<span class="comment">// Add session management to your application using Redis for session state storage
</span>.wrap(
SessionMiddleware::new(
redis_store.clone(),
secret_key.clone(),
)
)
.default_service(web::to(|| HttpResponse::Ok())))
.bind((<span class="string">"127.0.0.1"</span>, <span class="number">8080</span>))<span class="question-mark">?
</span>.run()
.<span class="kw">await
</span>}</code></pre></div>
<p>The session state can be accessed and modified by your request handlers using the <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a>
extractor. Note that this doesnt work in the stream of a streaming response.</p>
<div class="example-wrap"><pre class="rust rust-example-rendered"><code><span class="kw">use </span>actix_web::Error;
<span class="kw">use </span>actix_session::Session;
<span class="kw">fn </span>index(session: Session) -&gt; <span class="prelude-ty">Result</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">'static </span>str, Error&gt; {
<span class="comment">// access the session state
</span><span class="kw">if let </span><span class="prelude-val">Some</span>(count) = session.get::&lt;i32&gt;(<span class="string">"counter"</span>)<span class="question-mark">? </span>{
<span class="macro">println!</span>(<span class="string">"SESSION value: {}"</span>, count);
<span class="comment">// modify the session state
</span>session.insert(<span class="string">"counter"</span>, count + <span class="number">1</span>)<span class="question-mark">?</span>;
} <span class="kw">else </span>{
session.insert(<span class="string">"counter"</span>, <span class="number">1</span>)<span class="question-mark">?</span>;
}
<span class="prelude-val">Ok</span>(<span class="string">"Welcome!"</span>)
}</code></pre></div>
<h2 id="choosing-a-backend"><a class="doc-anchor" href="#choosing-a-backend">§</a>Choosing A Backend</h2>
<p>By default, <code>actix-session</code> does not provide any storage backend to retrieve and save the state
attached to your sessions. You can enable:</p>
<ul>
<li>
<p>a purely cookie-based “backend”, <a href="storage/struct.CookieSessionStore.html" title="struct actix_session::storage::CookieSessionStore"><code>CookieSessionStore</code></a>, using the <code>cookie-session</code> feature
flag.</p>
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
# ...
actix-session = { version = &quot;...&quot;, features = [&quot;cookie-session&quot;] }
</code></pre></div></li>
<li>
<p>a Redis-based backend via <a href="https://docs.rs/redis-rs"><code>redis-rs</code></a>, <a href="storage/struct.RedisSessionStore.html" title="struct actix_session::storage::RedisSessionStore"><code>RedisSessionStore</code></a>, using
the <code>redis-rs-session</code> feature flag.</p>
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
# ...
actix-session = { version = &quot;...&quot;, features = [&quot;redis-rs-session&quot;] }
</code></pre></div>
<p>Add the <code>redis-rs-tls-session</code> feature flag if you want to connect to Redis using a secured
connection (via the <code>native-tls</code> crate):</p>
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
# ...
actix-session = { version = &quot;...&quot;, features = [&quot;redis-rs-tls-session&quot;] }
</code></pre></div>
<p>If you instead prefer depending on <code>rustls</code>, use the <code>redis-rs-tls-session-rustls</code> feature flag:</p>
<div class="example-wrap"><pre class="language-toml"><code>[dependencies]
# ...
actix-session = { version = &quot;...&quot;, features = [&quot;redis-rs-tls-session-rustls&quot;] }
</code></pre></div></li>
</ul>
<p>You can implement your own session storage backend using the <a href="storage/trait.SessionStore.html" title="trait actix_session::storage::SessionStore"><code>SessionStore</code></a> trait.</p>
</div></details><h2 id="modules" class="section-header">Modules<a href="#modules" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="mod" href="config/index.html" title="mod actix_session::config">config</a></div><div class="desc docblock-short">Configuration options to tune the behaviour of <a href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware"><code>SessionMiddleware</code></a>.</div></li><li><div class="item-name"><a class="mod" href="storage/index.html" title="mod actix_session::storage">storage</a></div><div class="desc docblock-short">Pluggable storage backends for session state.</div></li></ul><h2 id="structs" class="section-header">Structs<a href="#structs" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="struct" href="struct.Session.html" title="struct actix_session::Session">Session</a></div><div class="desc docblock-short">The primary interface to access and modify session state.</div></li><li><div class="item-name"><a class="struct" href="struct.SessionGetError.html" title="struct actix_session::SessionGetError">SessionGetError</a></div><div class="desc docblock-short">Error returned by <a href="struct.Session.html#method.get" title="method actix_session::Session::get"><code>Session::get</code></a>.</div></li><li><div class="item-name"><a class="struct" href="struct.SessionInsertError.html" title="struct actix_session::SessionInsertError">SessionInsertError</a></div><div class="desc docblock-short">Error returned by <a href="struct.Session.html#method.insert" title="method actix_session::Session::insert"><code>Session::insert</code></a>.</div></li><li><div class="item-name"><a class="struct" href="struct.SessionMiddleware.html" title="struct actix_session::SessionMiddleware">SessionMiddleware</a></div><div class="desc docblock-short">A middleware for session management in Actix Web applications.</div></li></ul><h2 id="enums" class="section-header">Enums<a href="#enums" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="enum" href="enum.SessionStatus.html" title="enum actix_session::SessionStatus">SessionStatus</a></div><div class="desc docblock-short">Status of a <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a>.</div></li></ul><h2 id="traits" class="section-header">Traits<a href="#traits" class="anchor">§</a></h2><ul class="item-table"><li><div class="item-name"><a class="trait" href="trait.SessionExt.html" title="trait actix_session::SessionExt">SessionExt</a></div><div class="desc docblock-short">Extract a <a href="struct.Session.html" title="struct actix_session::Session"><code>Session</code></a> object from various <code>actix-web</code> types (e.g. <code>HttpRequest</code>,
<code>ServiceRequest</code>, <code>ServiceResponse</code>).</div></li></ul></section></div></main></body></html>