Module: Tynn::Session
- Defined in:
- lib/tynn/session.rb
Overview
Public: Adds simple cookie based session management. You can pass a secret token to sign the cookie data, so that anyone without the secret cannot alter it undetected.
Examples
    require "tynn"
    require "tynn/session"

    Tynn.plugin(Tynn::Session, secret: "__change_me__")

    Tynn.define do
      root do
        res.write(sprintf("hei %s", session[:username]))
      end

      on(:username) do |username|
        session[:username] = username
      end
    end
The following command generates a cryptographically secure secret ready to use:
    $ ruby -r securerandom -e "puts SecureRandom.hex(64)"
It’s important to keep the token secret. Knowing the token allows an attacker to tamper with the data. So, it’s recommended to load the token from the environment.
Examples
    Tynn.plugin(Tynn::Session, secret: ENV["SESSION_SECRET"])
Under the hood, Tynn::Session uses the Rack::Session::Cookie middleware. Thus, it supports all the options available for this middleware:

key - The name of the cookie. Defaults to "rack.session".

httponly - If true, sets the HttpOnly flag. This mitigates the risk of client side scripting accessing the cookie. Defaults to true.

secure - If true, sets the Secure flag. This tells the browser to only transmit the cookie over HTTPS. Defaults to false.

expire_after - The lifespan of the cookie. If nil, the session cookie is temporary and is not retained after the browser is closed. Defaults to nil.
Examples
    Tynn.plugin(
      Tynn::Session,
      key: "app",
      secret: ENV["SESSION_SECRET"],
      expire_after: 36_000, # seconds
      httponly: true,
      secure: true
    )
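To make the two points above concrete (the secret is what stops cookie data from being altered, and the key/httponly/secure/expire_after options control how the browser stores and sends the cookie), here is an added, self-contained Ruby example. It is not Tynn's or Rack's own code: it signs a session payload with an HMAC in the same spirit as Rack::Session::Cookie, verifies it in constant time, and builds the Set-Cookie header value those options produce. The function names, the HMAC-SHA256 choice and the "--" separator are this example's own assumptions; a real middleware additionally URL-escapes the cookie value.

```ruby
require "openssl"
require "json"
require "securerandom"
require "time"

# Constructed example (not Tynn's or Rack's code): a minimal signed session
# cookie plus a Set-Cookie header builder for the options documented above.

# HMAC over the encoded payload; without the secret, no valid digest can be
# produced for a modified payload. SHA256 is this example's choice.
def session_digest(payload, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Serialize the session hash (strict base64 of JSON) and append its signature.
def encode_session(session, secret)
  payload = [JSON.generate(session)].pack("m0")
  "#{payload}--#{session_digest(payload, secret)}"
end

# Constant-time comparison so verification time does not depend on how many
# leading bytes of a guessed digest happen to match.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil if the cookie is malformed, was altered,
# or was signed with a different secret.
def decode_session(cookie, secret)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  return nil unless secure_compare(session_digest(payload, secret), digest)
  JSON.parse(payload.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil # invalid base64 or JSON: treat as no session rather than raising
end

# Build the Set-Cookie header value for the options in this module.
# expire_after is in seconds from `now`; nil yields a browser-session cookie.
def set_cookie_header(name, value, httponly: true, secure: false,
                      expire_after: nil, now: Time.now.utc)
  parts = ["#{name}=#{value}", "Path=/"]
  parts << "Expires=#{(now + expire_after).httpdate}" if expire_after
  parts << "Secure" if secure
  parts << "HttpOnly" if httponly
  parts.join("; ")
end

if __FILE__ == $PROGRAM_NAME
  # Load the secret from the environment, as the docs recommend; the fallback
  # here only keeps the demo runnable without configuration.
  secret = ENV.fetch("SESSION_SECRET") { SecureRandom.hex(64) }

  cookie = encode_session({ "username" => "alice" }, secret)
  puts set_cookie_header("app", cookie, secure: true, expire_after: 36_000)
  p decode_session(cookie, secret)

  # Reusing a valid digest with a different payload fails verification.
  forged = "#{[JSON.generate("username" => "admin")].pack("m0")}--#{cookie.split("--").last}"
  p decode_session(forged, secret)
end
```

Note that `secure` here defaults to false to mirror the option list, while the `setup` method further down derives its default from `app.settings[:ssl]`; in production the Secure flag should be on whenever the app is served over HTTPS, otherwise the signed cookie can still be read in transit.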
Defined Under Namespace
Modules: InstanceMethods
Class Method Summary
-
.setup(app, options = {}) ⇒ Object
Internal: Configures Rack::Session::Cookie middleware.
Class Method Details
.setup(app, options = {}) ⇒ Object
Internal: Configures Rack::Session::Cookie middleware.
    # File 'lib/tynn/session.rb', line 64
    def self.setup(app, options = {})
      # Default the Secure flag to the app's SSL setting; caller options win.
      defaults = { secure: app.settings[:ssl] }
      app.use(Rack::Session::Cookie, defaults.merge(options))
    end