Ability to create a custom HttpServer session manager that allows persistence #16502
Comments
|
Justin I know you have some ideas for this. cc @justinfagnani. |
|
I think there are two responsibilities here, managing the session cookie and managing the session state. Managing the cookie is hopefully doable with a simple callback. There's questions about how much of the request/response interface it needs access to, and how it's parameterized, but a starting point could just be: typedef String SessionCookieCallback(HttpRequest request, {bool create, Duration timeout}); I'm pretty sure that just establishing the session cookie can be synchronous. Associating the session ID with an actual session should be async. abstract class HttpSessionManager { // saves a session to the backing store /// Tells the manager to persist all unsaved sessions to the backing store Then let the manage be registered, and provide an async method to get the session: HttpServer { addSessionManager(RequestMatcher matcher, HttpSessionManager manager, {SessionCookieCallback cookieCallback}); Future<HttpSession> getSession(); (I assume that we have a standard request matcher: typedef Future<bool> RequestMatcher(HttpRequest r); which is used to filter requests.) |
|
This comment was originally written by sfesca...@gmail.com I agree, I would add that creating the sessionId also needs to be async as a check in a persistent store for uniqueness may be required. |
|
Removed Area-IO label. |
|
This comment was originally written by miroslav.r...@gmail.com Hi, can we expect implementation anytime soon? We'd like to use Dart on the server-side and it's really needed for production mode. Thanks! |
|
This comment was originally written by @zoechi What about shelf and shelf_auth (includes jwtSession) |
|
This comment was originally written by miroslav....@gmail.com The problem that we need to solve are persistent sessions - use Redis adapter to store and retrieve sessions instead of storing them in memory. The goal is to use them seamlessly through shelf_auth looks like interesting project but (as far as I understand) it wouldn't allow me to inject custom session data into Request objects even if I write custom SessionHandler -- because it is not currently possible in the dart.io implementation. This is what this issue is trying to solve. Of course, we could write our own persistent session manager and use it instead of accessing request.session objects. But it's not a nice solution, since there would be 2 simultaneous session management systems, 2 session ids in cookies, 2 ways to access sessions (but only one persistent, with no way to enforce usage of that one only), ... |
|
Removed Type-Defect label. |
kevmoo
added
the
area-core-library
kevmoo
added
type-enhancement
This issue was originally filed by sfesc...@gmail.com
The ability to plug in a custom HttpSessionManager would allow for persistent session management. This is needed for clustered and distributed sessions.
What would be needed is the ability to create a custom session manager that (in addition to current HttpSessionManager's interface) is invoked to:
Additionally, the HttpRequest should get the _DART_SESSION_ID from the sessionManagerInstance rather then hardcoded.
The text was updated successfully, but these errors were encountered: