Evolving axum-sessions #56
Replies: 6 comments 25 replies
-
I've put together a working prototype over in the I would very much appreciate any feedback folks have. I think |
Beta Was this translation helpful? Give feedback.
-
Hey dude, Apologies - I’m not sure if it was the same way in the original, but here are two suggestion regardless. Entry APIIn HashMaps, there’s a commonly used Entry API, which could be quite useful here. Strongly typed sessionsI see that what gets inserted into the session is strongly typed, but it looks like the session itself is 'stringly' typed. Any chance you could expose an API similar to the Query extractor where it takes a generic type. You could also take this further by using this current Session as a WeakSession, and then having a SessionStore which only stores one struct for the session, so you avoid all the string-typing and possible optionals. |
Beta Was this translation helpful? Give feedback.
-
I haven't checked the code yet, but would it be possible to disable the creation of new sessions if no cookie is present? Seems like unecessary overhead for parts of the app that don't need that funcionality |
Beta Was this translation helpful? Give feedback.
-
Sounds exciting!
Wouldn't this make them effectively single-threaded? No two routes could access the session data at the same time, even if they need read-only access (which is the case for auth). A |
Beta Was this translation helpful? Give feedback.
-
One of the reasons I ended up rolling my own session management code for a pet project of mine is the fact that axum-session prescribed the "shape" of the session for me - that is, a hashmap. In my usecase, sessions are well-defined in what properties they have, and maps directly to a database table (https://github.com/Alxandr/dbost/blob/be07185/domain/entities/src/session.rs#L15). |
Beta Was this translation helpful? Give feedback.
-
@maxcountryman here is my example from a real system. Basically I have this types: /// User session.
#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
pub struct Session {
pub id: Thing,
pub user: LinkedRecord<User>,
pub expires: DateTime,
pub ip: Vec<String>,
pub created_at: DateTime,
pub updated_at: DateTime,
}
/// User of the system.
#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
pub struct User {
pub id: Thing,
pub role: UserRole,
pub cart: Vec<LinkedRecord<CartItem>>,
pub orders: Vec<LinkedRecord<Order>>,
pub created_at: DateTime,
pub updated_at: DateTime,
} I also have a custom middleware that creates sessions with users (session always has a user). If I went with a |
Beta Was this translation helpful? Give feedback.
-
Hi folks,
I wanted to share some experimental work I've done recently to look at reworking this crate with
tower-cookies
in the hopes that you all might have some feedback and share your input.The design of this new approach works like this:
tower-cookies
This is more or less how
axum-sessions
works today with some ergonomic improvements in the code itself. However, that's largely where the similarities end.With
tower-sessions
, I've also implemented sessions and session stores directly, and dropped the dependency on a third-party crate. This will help us ensure we can iterate on the core pieces of the crate without needing to wait on upstream updates. It also means that stores can be provided as part of the crate directly, placed behind feature flags.Some notable evolutions:
tower-cookies
SessionStore
trait, but will provide common stores like Redis and SQL out of the boxOn that last point, I've started implementing this as its own crate. It's a break from the direction of
axum-sessions
and is written for tower from the ground up. That said it works with axum and the intent would be to replace this crate going forward.I will share a new repo shortly so you all can take a look. However, I would love your feedback here.
Beta Was this translation helpful? Give feedback.
All reactions