update actix-session everywhere

basics/basics/Cargo.toml

@@ -4,9 +4,9 @@ version = "1.0.0"
 edition = "2021"
 
 [dependencies]
-actix-web = "4"
 actix-files = "0.6"
-actix-session = "0.5"
+actix-session = { version = "0.7", features = ["cookie-session"] }
+actix-web = "4"
 
 async-stream = "0.3"
 env_logger = "0.9"

basics/basics/src/main.rs

@@ -1,8 +1,7 @@
-use std::convert::Infallible;
-use std::io;
+use std::{convert::Infallible, io};
 
 use actix_files::{Files, NamedFile};
-use actix_session::{CookieSession, Session};
+use actix_session::{storage::CookieSessionStore, Session, SessionMiddleware};
 use actix_web::{
     error, get,
     http::{
@@ -13,6 +12,9 @@ use actix_web::{
 };
 use async_stream::stream;
 
+// NOTE: Not a suitable session key for production.
+static SESSION_SIGNING_KEY: &[u8] = &[0; 64];
+
 /// favicon handler
 #[get("/favicon")]
 async fn favicon() -> Result<impl Responder> {
@@ -76,14 +78,21 @@ async fn with_param(req: HttpRequest, path: web::Path<(String,)>) -> HttpRespons
 async fn main() -> io::Result<()> {
     env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
 
+    // random key means that restarting server will invalidate existing session cookies
+    let key = actix_web::cookie::Key::from(SESSION_SIGNING_KEY);
+
     log::info!("starting HTTP server at http://localhost:8080");
 
-    HttpServer::new(|| {
+    HttpServer::new(move || {
         App::new()
             // enable automatic response compression - usually register this first
             .wrap(middleware::Compress::default())
             // cookie session middleware
-            .wrap(CookieSession::signed(&[0; 32]).secure(false))
+            .wrap(
+                SessionMiddleware::builder(CookieSessionStore::default(), key.clone())
+                    .cookie_secure(false)
+                    .build(),
+            )
             // enable logger - always register Actix Web Logger middleware last
             .wrap(middleware::Logger::default())
             // register favicon