
Role based user session #39

Open
akelyasir opened this issue May 29, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

@akelyasir

Hi,

Will you set an example for a role-based user session? With the cache system. Do we need to develop the project ourselves?

Good work and good luck.

@photino
Collaborator

photino commented May 29, 2023

We support extracting a SessionId from the session-id header. The format is defined in W3C's Session Identification URI. We will provide an example for that.

@photino photino added the enhancement New feature or request label May 29, 2023
@akelyasir
Author

I've seen SessionId, but I couldn't figure out how to advance your use case here. I could not understand whether you will use a different method according to the access_key value in the user model or with the password. Also, like, are you going to create a rule according to the role structure in the user model? I am impatiently waiting for your update.

@photino
Collaborator

photino commented May 30, 2023

The SessionId can be used in the following way:

```rust
use std::collections::HashMap;

// 1. Generates an `AccessKeyId`.
let key = AccessKeyId::new();

// 2. Generates a `SessionId` (the key is borrowed so it can be stored in step 3).
let session_id = SessionId::new::<Sha256>("your.app.com", &key);

// 3. Records a map of the `SessionId` and `AccessKeyId` using a cache system.
let mut map = HashMap::new();
map.insert(session_id, key);

// 4. Extracts a `SessionId` from the request.
let session_id = req.parse_session_id().unwrap();

// 5. Gets the corresponding `AccessKeyId` from the cache system.
//    `HashMap::get` takes a reference to the lookup key.
let key = map.get(&session_id).unwrap();

// 6. Validates the `SessionId`.
let is_valid = session_id.validate_with::<Sha256>("your.app.com", key);
```

If the AccessKeyId is bound to a user, then a SessionId can be used to identify a user. But we think that SessionId and AccessKeyId can be used in a more general sense (they can also be bound to a group).

The zino-model is totally optional. It provides some models for prototyping and testing. The role structure in the user model does not have a close relation to SessionId (Of course, we can also bind an AccessKeyId to a specific role).
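
Added example, not part of the thread and not zino's own code: a std-only sketch of steps 3, 5 and 6 with a role bound to each access key, where an unknown, expired or invalid session id becomes an error instead of an `unwrap()` panic. `Role`, `AuthError`, `Binding`, `SessionCache` and the `validate` closure (standing in for the step 6 check) are hypothetical names, the role ordering is an assumption, and the ids in `main` are constructed.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

// All types here are hypothetical and written for this example; none are zino APIs.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Role { Guest, Member, Admin } // assumed ordering: later variants include earlier ones

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError { UnknownSession, Expired, InvalidSession, Forbidden }

struct Binding { access_key: String, role: Role, expires_at: Instant }

#[derive(Default)]
pub struct SessionCache { entries: HashMap<String, Binding> }

impl SessionCache {
    /// Step 3: record session id -> (access key, role), with a lifetime.
    pub fn bind(&mut self, session_id: &str, access_key: &str, role: Role, ttl: Duration) {
        let expires_at = Instant::now() + ttl;
        let binding = Binding { access_key: access_key.into(), role, expires_at };
        self.entries.insert(session_id.into(), binding);
    }

    /// Steps 5 and 6 plus a role check. `validate` stands in for step 6 (for
    /// instance a wrapper around `validate_with`). Every failure is an `Err`,
    /// so an unknown or stale id taken from a request never causes a panic.
    pub fn authorize(&mut self, session_id: &str, required: Role,
                     validate: impl Fn(&str, &str) -> bool) -> Result<String, AuthError> {
        let binding = self.entries.get(session_id).ok_or(AuthError::UnknownSession)?;
        if Instant::now() >= binding.expires_at {
            self.entries.remove(session_id); // evict so the id cannot be reused
            return Err(AuthError::Expired);
        }
        if !validate(session_id, &binding.access_key) {
            return Err(AuthError::InvalidSession);
        }
        if binding.role < required {
            return Err(AuthError::Forbidden);
        }
        Ok(binding.access_key.clone())
    }
}

fn main() {
    let mut cache = SessionCache::default();
    // Constructed sample values, not real identifiers.
    cache.bind("sid-admin", "key-alice", Role::Admin, Duration::from_secs(900));
    println!("{:?}", cache.authorize("sid-admin", Role::Member, |_, _| true));
    println!("{:?}", cache.authorize("sid-unknown", Role::Guest, |_, _| true));
}
```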
