New Session For Every Request #53
Comments
Have you tried toggling secure? Note that the examples disable secure because they assume you'll be running locally. By default it's enabled.
Yes. I tried
Next try same site. Getting a new session implies the client is not sending the cookie with the request. That's likely because of the cookie settings. But you should also inspect the client to see what's happening there.
Every response to Chrome contains a
You've identified the issue: your client is not sending the cookie. To fix this you'll have to dig into what cookie settings are necessary to ensure the client sends the cookies. For dev I would suggest disabling secure and using lax same site. MDN has good documentation around these topics that might help.
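The cookie behaviour discussed above, as an added example that is not part of the original thread or of axum-login: a simplified model of when a browser attaches a session cookie, and how many sessions the server ends up creating as a result. All type and function names are hypothetical, the requests are constructed, and browser-specific exemptions (for example for localhost) are not modelled.

```rust
// Simplified model of a browser's cookie rules (added example; names are hypothetical).
// Browser-specific exemptions for localhost are deliberately not modelled.
#[derive(Clone, Copy, PartialEq, Debug)]
enum SameSite { Strict, Lax, None }

#[derive(Clone, Copy)]
struct Cookie { secure: bool, same_site: SameSite }

#[derive(Clone, Copy)]
struct Request { https: bool, same_site: bool, top_level_get: bool }

#[derive(PartialEq, Debug)]
enum Decision { Sent, InsecureScheme, NoneWithoutSecure, CrossSite }

fn decide(c: Cookie, r: Request) -> Decision {
    // SameSite=None is only accepted together with Secure.
    if c.same_site == SameSite::None && !c.secure { return Decision::NoneWithoutSecure; }
    // A Secure cookie never travels over plain http.
    if c.secure && !r.https { return Decision::InsecureScheme; }
    let allowed = match c.same_site {
        SameSite::Strict => r.same_site,
        SameSite::Lax => r.same_site || r.top_level_get,
        SameSite::None => true,
    };
    if allowed { Decision::Sent } else { Decision::CrossSite }
}

// The first request always starts a session; each later request that arrives
// without the cookie makes the server start another one.
fn sessions_created(c: Cookie, reqs: &[Request]) -> usize {
    reqs.iter().enumerate()
        .filter(|(i, r)| *i == 0 || decide(c, **r) != Decision::Sent)
        .count()
}

fn main() {
    // Constructed traffic: three same-site requests over plain http (local dev).
    let http_dev = [Request { https: false, same_site: true, top_level_get: false }; 3];
    // Constructed cookies: Secure left on, versus the dev settings suggested above.
    let secure_on = Cookie { secure: true, same_site: SameSite::Strict };
    let dev_lax = Cookie { secure: false, same_site: SameSite::Lax };
    for (label, c) in [("secure over http", secure_on), ("secure=false, Lax", dev_lax)] {
        println!("{label}: {:?}, sessions = {}", decide(c, http_dev[0]), sessions_created(c, &http_dev));
    }
    // Constructed cross-site fetch, e.g. a front end served from another site.
    let xsite = Request { https: true, same_site: false, top_level_get: false };
    println!("Lax, cross-site fetch: {:?}", decide(Cookie { secure: true, same_site: SameSite::Lax }, xsite));
}
```

A session count equal to the request count is the symptom reported in this issue; the `Decision` value says which attribute to look at first in the browser's developer tools.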
Alright thanks for your help!
Not to revive a dead thread that was just resolved, but I am incidentally hitting this precise same issue on Chrome. If you figure out the issue, can you let us know, @BeaconBrigade? At worst, other people can find this thread if the issue is common enough.
@ejmg please try what I suggested above. These issues relate to how clients (in this case Chrome) will transmit cookies. Cookies need to be configured such that the client will transmit them as expected. The underlying crate for managing sessions exposes an interface for configuring these.
Turns out, my issue was of the same nature that was discussed in this discussion thread: #45 (reply in thread)
@ejmg curious in what way? You weren't expecting axum-login to query the user store?
I mistook the nature/function of
@ejmg are you trying to access the user value in the session directly? I think I'm confused about what you ran into here.
using the With the setup:

```rust
let session_store = SessionMemoryStore::new();
let session_layer = SessionLayer::new(session_store, &secret).with_secure(false);
let store = Arc::new(RwLock::new(HashMap::default())); // [1]
let user = User::get_rusty_user();
store.write().await.insert(user.get_id(), user);
let user_store = AuthMemoryStore::new(&store);
let auth_layer = AuthLayer::new(user_store, &secret);
```

and the route:

```rust
async fn login_handler(mut auth: AuthContext) {
    auth.login(&User::get_rusty_user()).await.unwrap();
}
```

I mistakenly thought that whatever arbitrary user we passed on to

```rust
async fn protected_handler(Extension(user): Extension<User>) -> impl IntoResponse {
    format!("Logged in as: {}", user.name)
}
```

I received a
@ejmg ah okay, thanks for the detailed explanation. I think I understand now. The confusion is that axum-login doesn't take an updated user and write it to the store. In other words, it doesn't manage the state of the user store in a write fashion, only in a read fashion. Is there something we could do in the docs or examples to make that more obvious?
The misunderstanding is, in my case, definitely one of overall experience and conflating different concepts. At minimum, it might be good to explicitly comment that the user store needs to be pre-populated or, in the case of using the same application DB for users, that you can use the same DB for the user store when configured correctly.
I'm trying to implement `/login` and `/logout` routes as well as some protected routes. However, after logging in, it seems like the log in isn't saved. When I ping `/login` it adds the user to a session, but by the time I try to access a protected route, the session and user are gone. I got the examples to work, but my repo based off of them just doesn't. Every protected route always returns forbidden and even the logout route says the `current_user` is `None`.

I inserted tracing everywhere to figure out what was happening and noticed that between each request a new session is created. I don't know if this is what's supposed to happen, but all of the data stored in the session is lost.

My `SessionLayer` is built with a `MemoryStore` and my `AuthLayer` is built with an `SqliteStore`. I'm using `sqlx` and sqlite as a database. I made sure my users are stored in a table called `users` in my database.

If it helps, here's my setup for the layers:

`config.session_secret` is a 64 byte array, and `config.database_file` is the path to my sqlite db.

The `app_state` contains a sqlx pool for the database. The enum `Role` type looks like:

I'm new to `axum-login`, so sorry for the information dump, I just wanted to put anything that might be useful.

The `/login` route takes a json body which describes the user to log into, a name and password. The handler looks like this:

Inside the `/login` handler I can check `auth.current_user` and it is set correctly, but as soon as another route is called that is gone. For example on one run of the server:

Directly before calling `auth.login(&user).await?`

Directly after:

You can see that the `user_id` has been added to the session. But, on the next request to `/lists` (or any route, it's all the same) we have:

All of a sudden we have a brand new session with the old data gone. I've been struggling for hours trying to find out what I'm doing wrong, and at this point I'm pretty sure it's just some tiny thing I'm missing. Or of course, I'm just misunderstanding how I should be using the library. If so, please let me know. I'd really appreciate if anyone could take a look and see if they notice anything out of order. Also, if you want more information just let me know. Thanks in advance