-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session cookies? (Till the browser is closed.) #35
Comments
Hello, this is definitely a good idea and should be implemented. I'm working on it, so you might expect it to be done in 1-2 days. Unfortunately, it's not that simple as you might expect: for each call of functions that use |
Awesome! 🎉 Thank you very much, and sorry for the naïve idea. 😅 |
Things are getting complicated... It will take more time, than I expected. Hope, you will not get angry :) To explain the situation, here is what's going on:
The first attempt was to get advantage of cookies' fields that browser attaches to it's requests. It worked for Cookies' internals haven't changed since the very beginning, so I think it's a good opportunity to revise it and make it easier to extend for such and similar cases. As for API changes, there will be one additional argument to |
Absolutely, take your time. =) For now, we can just use 30 min w/o “Remember me” and 2 weeks or so with it, but having real session cookies will be very nice. That API change seems ideal. Thank you for the wonderful support! |
Done, you need to import Instead of |
@zohl, excuse the pause in communication, but we had a somewhat hectic period. Now I got some time to integrate this and… I just want to say that your support is amazing. ❤️ Everything works as expected! 😻 THANK YOU!!! |
According to Wikipedia:
https://en.wikipedia.org/wiki/HTTP_cookie#Setting_a_cookie
… session cookies are the ones that have no
MaxAge=
orExpires=
. They are cleared after the user closes their browser.Could we have that? 🙏 I mean, expiry time can (should!) still be encrypted in session data, but some people might want to have the cookie cleared completely, after their browser window is closed (e.g. for the popular “[Don’t] Remember me” functionality).
So this is most probably a question of adding another field to
AuthCookieSettings
that would control whether this line is included or not at all:servant-auth-cookie/src/Servant/Server/Experimental/Auth/Cookie.hs
Line 687 in 5357861
The text was updated successfully, but these errors were encountered: