-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unwanted CookieBasedSession in Nancy Implementation #157
Comments
@devandy can you please link to the specific code/file that this exists on? |
Cookie based sessions are enabled here EnableSessions.cs#L9 |
Yes, removing it the application's session management works again. |
This library should work out of the box so we need to enable sessions for it to work. So I guess we need to add a setting to disable the setting when you want to control it yourself. |
@devandy out of interest, what type of session are you using and how are you setting that up, etc? |
I'm using a
|
OK. So I started looking into this issue and realized I'm an idiot (again) - I totally misunderstood the context of this problem. So, with a Nancy app, the SA code was force-wiring up Cookies as the session backing store. not good. In my new code for the v2.0 release, this is some sample code that is using sessions...
So this is using the Nancy If that's the case, then my new code is good and I can close this issue. |
This bug is linked to #145 |
Nancy doesn't have session support out of the box, you need to opt-in to it. The default provider will throw an exception if you try to access the session object. |
Ahhhh - excellent reply @xt0rted Ok - so the next question is this: By default (for a Nancy web app), is it acceptable that Simple Authentication with throw an exception when a person tries to Redirect to a Provider (google, fb, etc) ? My vote: yes it is. Rational: I see this as a Nancy concern, not an SA concern. Thoughts anyone? |
Yes, I expect that if i don't enable session support I'll get an exception, it's not a SA concern. Obviously I expect that there is a note in the SA documentation about Nancy Session Support requirement. |
Sweet! I'll add a label here so I know to document this issue when I get around to releasing the vnext. |
In the Nancy implementation, there is a class that set the CookieBasedSession (EnableSessions.cs) on application start up.
This is bad because ovverides the application specific implementation of session management.
I think that that class has to be removed, and let the developer decide which type of session implementation is the best choice.
The text was updated successfully, but these errors were encountered: