Store *noir-session* managed keys in :noir map inside :session. #110

Merged
merged 2 commits into from Jun 6, 2012

Projects

None yet

4 participants

@kenrestivo
Contributor

Maintain an emulation of a functionally-pure :session so as not to break the contract with other middleware that expects the ring requests/responses to be pure.

This was just a cleanup needed so that middleware like friend doesn't leak information into :session that it is trying to dissoc. I get a little fastidious about things that are security-related, which this is.

@kenrestivo kenrestivo Store *noir-session* managed keys in :noir map inside :session. Maint…
…ain an emulation of a functionally-pure :session so as not to break the contract with other middleware that expects the ring requests/responses to be pure.
f4dc605
@Raynes
Member
Raynes commented Jun 5, 2012

@ibdknox This makes sense and looks good, but I wanted to ping you and see if you could look over it if you've got a minute before I merge it in, just for completeness sake. No hurry.

@ibdknox
Member
ibdknox commented Jun 5, 2012

@Raynes seems reasonable to me.

@Raynes Raynes merged commit 6e71b33 into noir-clojure:master Jun 6, 2012
@ithayer

It's worth noting that this change causes some unintuitive behavior compared to previous behavior -- this means that sessions aren't updated, and therefore session expiration times can't be changed by the ring handler, unless a response explicitly modifies the session. (we just noticed this in production after an upgrade)

our work around is to explicitly assoc the session each time using another middleware.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment