Re: Ring's session cookie-store

Sat, 06 Jul 2013 12:08:03 -0700 

Hey,

cookie-store does not expect a string but a map like (cookie-store {:key 
your-key}) otherwise it will generate a random new key each restart, which 
you observed.

You can also set some options for the cookie itself, see :cookie-attrs 
(http://clojuredocs.org/ring/ring.middleware.session/wrap-session) which 
should fix your expiration issues.

HTH,
/thomas

On Saturday, July 6, 2013 1:20:57 PM UTC+2, Alexander Solovyov wrote:
>
> Hi all,
>
> I wrote a small site using compojure and friend and naturally I used 
> ring's own wrap-session to handle sessions. My code looks like this:
>
> (def app
>   (-> app-routes
>       (friend/authenticate {:credential-fn (partial 
> creds/bcrypt-credential-fn
>                                                     db/get-user)
>                             :workflows [(workflows/interactive-form)]
>                             :login-uri "/login/"})
>       (handler/site {:session {:store (cookie-store "TRULY SECRET KEY")}})
>       (permacookie "ring-session")))
>
> And I discovered two problems with how session cookie was handled. First 
> one was that expiration was always set to session, while I want my users to 
> stay logged in for some longer period of time. I fixed that by writing my 
> own middleware (permacookie).
>
> Second one is that if I restart my app, cookie's store never decrypts the 
> cookie. I guess that's something to do with cryptography, since when I 
> encrypt same data in repl, I get different result from what I have in 
> cookie.
>
> Now I'm confused - why do have cookie store at all if memory storage will 
> provide exactly same persistency? Or am I doing something wrong? How do I 
> make cookie store decrypt and check cookies between server restarts?
>  

-- 
-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to