I would create a browser cookie with a session id and also store the session id
somewhere on the server (database, memory, etc) then on every request check if
the transmitted session id is still in your datastore.
To invalidate session keys you could register a function with asyncCheck that
loops over every stored session in you datastore and removes the sessions that
are too old. eg:
proc removeOldSessions(): Future[void] {.async.} =
while true:
# code to invalidate old sessions from manager
await sleepAsync(5_000)
# ....
proc main() =
let server = newAsyncHttpServer()
asyncCheck sessions_manager()
asyncCheck removeOldSessions()
waitFor server.serve(Port(8080), cb)
Run
Also, do not discard futures:
discard sessions_manager() should be: asyncCheck sessions_manager()
i also think you need an sessionManager object that has your sessions stored
and that you always pass to each relevant procedures.
