Copyright: (c) digitally induced GmbH 2021
Safe Haskell: None

IHP.Controller.Session

Description

The session provides a way for your application to store small amounts of information that will be persisted between requests. It’s mainly used from inside your controller actions.

In general, you should not store complex data structures in the session. It’s better to store scalar values in there only. For example: Store the current user-id instead of the current user record.

The session works by storing the data inside a cryptographically signed and encrypted cookie on the client. The encryption key is generated automatically and is stored at Config/client_session_key.aes. Internally IHP uses the clientsession library. You can find more technical details on the implementation in the clientsession documentation.

The cookie max-age is set to 30 days by default. To protect against CSRF, the SameSite Policy is set to Lax.
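
The signed and encrypted cookie described above can be exercised directly with the clientsession library. This is an added example, not code from IHP: the payload is a constructed sample, the keys are generated in memory instead of being loaded from Config/client_session_key.aes, and tamperAt and describe are hypothetical helper names.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: requires the clientsession and bytestring packages.
module Main where

import qualified Data.ByteString.Char8 as BS
import Web.ClientSession (decrypt, encryptIO, randomKey)

-- Replace the character at index i with a different base64 character,
-- simulating a client that edits its own cookie value.
tamperAt :: Int -> BS.ByteString -> BS.ByteString
tamperAt i cookie =
    let (before, rest) = BS.splitAt i cookie
    in case BS.uncons rest of
        Nothing -> cookie
        Just (c, after) -> before <> BS.cons (if c == 'A' then 'B' else 'A') after

-- Label the outcome of a decryption attempt.
describe :: Maybe BS.ByteString -> String
describe (Just plain) = "accepted: " <> BS.unpack plain
describe Nothing      = "rejected"

main :: IO ()
main = do
    -- Fresh in-memory keys (assumption for this example); a deployed app
    -- keeps one persistent key so cookies survive restarts.
    (_, serverKey) <- randomKey
    (_, otherKey)  <- randomKey

    -- Constructed payload: only a scalar id is stored, not a whole record.
    let payload = "userId=5a2f0c1e-constructed-sample-value"
    cookie <- encryptIO serverKey payload

    putStrLn ("cookie value:     " <> BS.unpack cookie)
    putStrLn ("untouched cookie: " <> describe (decrypt serverKey cookie))
    -- Index 70 falls inside the ciphertext part of this 120-character value.
    putStrLn ("one char changed: " <> describe (decrypt serverKey (tamperAt 70 cookie)))
    putStrLn ("wrong key:        " <> describe (decrypt otherKey cookie))
```

Only the untouched cookie decrypts; the modified value and the wrong key both make decrypt return Nothing, because the authentication check on the cookie fails before any plaintext is released.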

Documentation

setSession :: (?context :: ControllerContext) => Text -> Text -> IO ()

Stores a value inside the session:

action SessionExampleAction = do
    setSession "userEmail" "hi@digitallyinduced.com"

Right now, setSession only accepts Text values. Other types like Int have to be converted to Text using show theIntValue.

getSession :: (?context :: ControllerContext) => Text -> IO (Maybe Text)

Retrieves a value from the session and returns it as a Text:

action SessionExampleAction = do
    userEmail <- getSession "userEmail"

userEmail is set to Just "hi@digitallyinduced.com" when the value has been set before. Otherwise, it will be Nothing.

For convenience you can use getSessionInt to retrieve the value as a Maybe Int, and getSessionUUID to retrieve the value as a Maybe UUID:

action SessionExampleAction = do
    counter :: Maybe Int <- getSessionInt "counter"
    userId :: Maybe UUID <- getSessionUUID "userId"

getSessionAndClear :: (?context :: ControllerContext) => Text -> IO (Maybe Text)

Returns a value from the session, and deletes it after retrieving:

action SessionExampleAction = do
    notification :: Maybe Text <- getSessionAndClear "notification"

getSessionInt :: (?context :: ControllerContext) => Text -> IO (Maybe Int)

Retrieves a value from the session and parses it as an Int:

action SessionExampleAction = do
    counter :: Maybe Int <- getSessionInt "counter"

Returns Nothing if parsing fails.

getSessionUUID :: (?context :: ControllerContext) => Text -> IO (Maybe UUID)

Retrieves a value from the session and parses it as a UUID:

action SessionExampleAction = do
    userId :: Maybe UUID <- getSessionUUID "userId"

Returns Nothing if parsing fails.

getSessionRecordId :: forall record. (?context :: ControllerContext, PrimaryKey (GetTableName record) ~ UUID) => Text -> IO (Maybe (Id record))

Retrieves e.g. an Id User or Id Project from the session:

action SessionExampleAction = do
    userId :: Maybe (Id User) <- getSessionRecordId @User "userId"

Returns Nothing if parsing fails.

deleteSession :: (?context :: ControllerContext) => Text -> IO ()

After deleting a session value, calls to getSession will return Nothing.

Example: Deleting a userId field from the session

action LogoutAction = do
    deleteSession "userId"

Example: Calling getSession after using deleteSession will return Nothing

setSession "userId" "1337"
userId <- getSession "userId" -- Returns: Just "1337"

deleteSession "userId"
userId <- getSession "userId" -- Returns: Nothing