Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: Support for session-only cookies with Sessions #2459

Open
geeshta opened this issue Oct 16, 2023 · 0 comments
Open

Enhancement: Support for session-only cookies with Sessions #2459

geeshta opened this issue Oct 16, 2023 · 0 comments
Labels
Enhancement This is a new feature or request Middleware This is related to our middleware

Comments

@geeshta
Copy link
Contributor

geeshta commented Oct 16, 2023
edited

Summary

Introduction

Currently, both the client side session (see HERE) and the server side session (see HERE) require the max_age parameter to be set (either explicitly or by using the default value). This makes impossible to create session-only cookies - sessions that disappear, when the browser is closed.

Client Side

This is pretty straightforward - the Cookie datastructure already supports max_age being None and it is passed from the session config.
I think only changing the field type in CookieBackendConfig and the post-init validator should suffice

Server Side

This is more complicated, as the max_age not only applies to the cookie but to the store as well. The ServerSideSessionBackend supports setting the expiration to None. The complication is that this way it would be impossible to check for which sessions are stale as the backend does not know whethet the browser has been closed or not.

The solution I can think of is adding an optional field to the config which would allow setting the server-side max_age separately, which would be by default set to the cookie max_age. Something like a session_max_age parameter. It could be also set to None as this is allowed for Stores

But maybe someone will have a better idea?

Basic Example

Client-side

app = Litestar(
    route_handlers=[index],
    middleware=[CookieBackendConfig(secret=secrets.token_bytes(16), max_age=None).middleware]
)

Server-side

redis = Redis()
store = RedisStore(redis)
app = Litestar(
    route_handlers=[index],
    stores={"sessions": store},
    middleware=[ServerSideSessionConfig(max_age=None, session_max_age=1000).middleware],  # or maybe some other way
)

Drawbacks and Impact

No response

Unresolved questions

No response

Note

While we are open for sponsoring on GitHub Sponsors and
OpenCollective, we also utilize Polar.sh to engage in pledge-based sponsorship.

Check out all issues funded or available for funding on our Polar.sh Litestar dashboard

  • If you would like to see an issue prioritized, make a pledge towards it!
  • We receive the pledge once the issue is completed & verified
  • This, along with engagement in the community, helps us know which features are a priority to our users.
Fund with Polar
@geeshta geeshta added the Enhancement This is a new feature or request label Oct 16, 2023
@JacobCoffee JacobCoffee added the Middleware This is related to our middleware label Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement This is a new feature or request Middleware This is related to our middleware
Projects
Overview
Status: Ideas
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JacobCoffee @geeshta