Comments (11)
If you're using noir.util.middleware/app-handler
then it will apply all the necessary middleware, such as wrap-noir-session
for you. The default template should create a handler that looks something like the following:
(def app (app-handler
;; add your application routes here
[home-routes app-routes]
;; add custom middleware here
:middleware [middleware/template-error-page
middleware/log-request
middleware/wrap-exceptions]
:session-options {:timeout 10
:timeout-response (response/redirect "/")}
;; add access rules here
:access-rules []
;; serialize/deserialize the following data formats
;; available formats:
;; :json :json-kw :yaml :yaml-kw :edn :yaml-in-html
:formats [:json-kw :edn]))
from luminus.
Yes, I'm using the template and app-handler, it generated a similar handler, I've only changed session storage:
(def app
(app-handler
[cljs-routes auth-routes home-routes app-routes]
:middleware [middleware/template-error-page middleware/log-request]
:access-rules []
:formats [:json-kw :edn]
:session-options
{:cookie-name "myapp-session"
:cookie-attrs {:max-age (* 60 60 24 30)}
:store (if (:use_redis (config))
(carmine-store redis-conn {:key-prefix "myapp", :expiration-secs (* 60 60 24 30)})
(cookie-store))}))
Yet the session cookie is sent only once at login :(
from luminus.
I'm not able to reproduce the issue locally, when I check the request headers in Chrome I see the Set-Cookie
header on each request that looks as follows:
Set-Cookie:myapp-session=YuldGl%2Foym9f1aTzb83qS2Iso%2Bsu5o1CnmVq2QYhC550d24NWGWdW2DHsh5eRsqdo%2FHZRjYP%2FCjialhhGfMA5o6BGevkhD5nYu91zI5isiw%3D--Ztg46rWAQ0hEtFydUe6Qn%2F9sPN2HAlBir8RI4OQ%2Byt4%3D;Max-Age=2592000;Path=/;HttpOnly
from luminus.
Really strange, I can reproduce it locally (not using carmine-store). I can give you access to the source code if you want to investigate it further
from luminus.
Ah I think I found the difference, the latest template sets the session timeout as well:
{:timeout (* 60 30)
:timeout-response (redirect "/")
:cookie-name "myapp-session"
:cookie-attrs {:max-age (* 60 60 24 30)}
:store (cookie-store)}
Apparently that forces the cookie to be sent each time.
from luminus.
Unfortunately it's not the answer :( I even tried replacing my whole session-options with the above code but no luck, only the POST request to /login is sending the cookie in the response
from luminus.
I'm really not sure then, it does sound like an issue with Ring session store though more than luminus itself. All the template does is wrap the handler with the middleware. Since I don't maintain Ring session middleware my knowledge there is a bit limited.
from luminus.
Thanks a lot for trying anyway, do you have any tips on how could I be sure that wrap-(noir)-session is called?
from luminus.
You can see al the default middleware that gets applied by the app-handler
here.
from luminus.
So I had a discussion with the owner of ring.core. It turns out ring is not re-sending the session cookie if the session data hasn't changed, which actually makes sense. It seems that I need to come up with my own solution for proper renewing auth-focused session cookies. Thanks a lot for your help!
from luminus.
Thanks for following up, good to know that's what was happening.
from luminus.
Related Issues (20)
- Can't make method spoofing on HTML forms HOT 1
- Typo in documentation HOT 1
- doc page seams to be down HOT 1
- routing doc - handling file uploads
- homepage can't visit
- Migrations do not work on postgres HOT 4
- How to include ClojureScript into HTML page? HOT 1
- Can't get Swagger UI service endpoints HOT 2
- doc for connecting remote repl from heroku through ssh tunnel
- Infinite loop for a new app [:app] Compiling ... [:app] Build completed. HOT 6
- A bit outdated documentation on Ring middleware? HOT 2
- `lein run` on new app with http-kit does not work HOT 4
- +war profile: clojure.lang.ArityException: Wrong number of args (1) passed to: myapp.handler/app HOT 21
- :query-string doesn't contain qualified keywords HOT 1
- How to force SSL on Heroku HOT 1
- Hiccup format from http handlers HOT 2
- REPL instructions in migrations.html not working HOT 7
- Immutant has been broken since Java 1.09+ HOT 1
- Docs site not up to date? HOT 1
- Missing dependency on snakeyaml HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from luminus.