diff --git a/guide/src/qs_10.md b/guide/src/qs_10.md index 10e5c7bc..aefd0871 100644 --- a/guide/src/qs_10.md +++ b/guide/src/qs_10.md @@ -64,7 +64,8 @@ INFO:actix_web::middlewares::logger: 127.0.0.1:59947 [02/Dec/2017:00:22:40 -0800 ## Default headers To set default response headers `DefaultHeaders` middleware could be used. -*DefaultHeaders* middleware does not set header if response headers contains header. +*DefaultHeaders* middleware does not set header if response headers already contains +specified header. ```rust # extern crate actix_web; @@ -86,4 +87,60 @@ fn main() { ## User sessions -[WIP] +Actix provides general solution for session management. +[*Session storage*](../actix_web/middlewares/struct.SessionStorage.html) middleare can be +use with different backend types to store session data in different backends. +By default only cookie session backend is implemented. Other backend implementations +could be added later. + +[*Cookie session backend*](../actix_web/middlewares/struct.CookieSessionBackend.html) +uses signed cookies as session storage. *Cookie session backend* creates sessions which +are limited to storing fewer than 4000 bytes of data (as the payload must fit into a +single cookie). Internal server error get generated if session contains more than 4000 bytes. + +You need to pass a random value to the constructor of *CookieSessionBackend*. +This is private key for cookie session. When this value is changed, all session data is lost. +Note that whatever you write into your session is visible by the user (but not modifiable). + +In general case, you cretate +[*Session storage*](../actix_web/middlewares/struct.SessionStorage.html) middleware +and initializes it with specific backend implementation, like *CookieSessionBackend*. +To access session data +[*HttpRequest::session()*](../actix_web/middlewares/trait.RequestSession.html#tymethod.session) +method has to be used. This method returns +[*Session*](../actix_web/middlewares/struct.Session.html) object, which allows to get or set +session data. + +```rust +# extern crate actix; +# extern crate actix_web; +use actix_web::*; +use actix_web::middlewares::RequestSession; + +fn index(mut req: HttpRequest) -> Result<&'static str> { + // access session data + if let Some(count) = req.session().get::("counter")? { + println!("SESSION value: {}", count); + req.session().set("counter", count+1)?; + } else { + req.session().set("counter", 1)?; + } + + Ok("Welcome!") +} + +fn main() { +# let sys = actix::System::new("basic-example"); + HttpServer::new( + || Application::new() + .middleware(middlewares::SessionStorage::new( // <- create session middlewares + middlewares::CookieSessionBackend::build(&[0; 32]) // <- create cookie session backend + .secure(false) + .finish() + ))) + .bind("127.0.0.1:59880").unwrap() + .start(); +# actix::Arbiter::system().send(actix::msgs::SystemExit(0)); +# let _ = sys.run(); +} +``` diff --git a/src/middlewares/session.rs b/src/middlewares/session.rs index a807b0c0..25caffa6 100644 --- a/src/middlewares/session.rs +++ b/src/middlewares/session.rs @@ -42,6 +42,23 @@ impl RequestSession for HttpRequest { /// Session object could be obtained with /// [`RequestSession::session`](trait.RequestSession.html#tymethod.session) /// method. `RequestSession` trait is implemented for `HttpRequest`. +/// +/// ```rust +/// use actix_web::*; +/// use actix_web::middlewares::RequestSession; +/// +/// fn index(mut req: HttpRequest) -> Result<&'static str> { +/// // access session data +/// if let Some(count) = req.session().get::("counter")? { +/// req.session().set("counter", count+1)?; +/// } else { +/// req.session().set("counter", 1)?; +/// } +/// +/// Ok("Welcome!") +/// } +/// # fn main() {} +/// ``` pub struct Session<'a>(&'a mut SessionImpl); impl<'a> Session<'a> { @@ -80,6 +97,21 @@ unsafe impl Send for SessionImplBox {} unsafe impl Sync for SessionImplBox {} /// Session storage middleware +/// +/// ```rust +/// # extern crate actix; +/// # extern crate actix_web; +/// use actix_web::*; +/// +/// fn main() { +/// let app = Application::new() +/// .middleware(middlewares::SessionStorage::new( // <- create session middlewares +/// middlewares::CookieSessionBackend::build(&[0; 32]) // <- create cookie session backend +/// .secure(false) +/// .finish()) +/// ); +/// } +/// ``` pub struct SessionStorage(T, PhantomData); impl> SessionStorage {