Hi all,
I wrote a small site using compojure and friend and naturally I used ring's
own wrap-session to handle sessions. My code looks like this:
(def app
(-> app-routes
(friend/authenticate {:credential-fn (partial
creds/bcrypt-credential-fn
db/get-user)
:workflows [(workflows/interactive-form)]
:login-uri "/login/"})
(handler/site {:session {:store (cookie-store "TRULY SECRET KEY")}})
(permacookie "ring-session")))
And I discovered two problems with how session cookie was handled. First
one was that expiration was always set to session, while I want my users to
stay logged in for some longer period of time. I fixed that by writing my
own middleware (permacookie).
Second one is that if I restart my app, cookie's store never decrypts the
cookie. I guess that's something to do with cryptography, since when I
encrypt same data in repl, I get different result from what I have in
cookie.
Now I'm confused - why do have cookie store at all if memory storage will
provide exactly same persistency? Or am I doing something wrong? How do I
make cookie store decrypt and check cookies between server restarts?
--
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
