Struct SessionMiddlewareBuilder

pub struct SessionMiddlewareBuilder<Store: SessionStore> { /* private fields */ }

A fluent, customized SessionMiddleware builder.

Implementations

impl<Store: SessionStore> SessionMiddlewareBuilder<Store>

pub fn cookie_name(self, name: String) -> Self

Set the name of the cookie used to store the session ID.

Defaults to id.

pub fn cookie_secure(self, secure: bool) -> Self

Set the Secure attribute for the cookie used to store the session ID.

If the cookie is set as secure, it will only be transmitted when the connection is secure (using https).

Default is true.

pub fn session_lifecycle<S: Into<SessionLifecycle>>( self, session_lifecycle: S, ) -> Self

Determines what type of session cookie should be used and how its lifecycle should be managed. Check out SessionLifecycle’s documentation for more details on the available options.

Default is SessionLifecycle::BrowserSession.

Examples

use actix_web::cookie::{Key, time::Duration};
use actix_session::{SessionMiddleware, config::PersistentSession};
use actix_session::storage::CookieSessionStore;

const SECS_IN_WEEK: i64 = 60 * 60 * 24 * 7;

// creates a session middleware with a time-to-live (expiry) of 1 week
SessionMiddleware::builder(CookieSessionStore::default(), Key::from(&[0; 64]))
    .session_lifecycle(
        PersistentSession::default().session_ttl(Duration::seconds(SECS_IN_WEEK))
    )
    .build();

pub fn cookie_same_site(self, same_site: SameSite) -> Self

Set the SameSite attribute for the cookie used to store the session ID.

By default, the attribute is set to Lax.

pub fn cookie_path(self, path: String) -> Self

Set the Path attribute for the cookie used to store the session ID.

By default, the attribute is set to /.

pub fn cookie_domain(self, domain: Option<String>) -> Self

Set the Domain attribute for the cookie used to store the session ID.

Use None to leave the attribute unspecified. If unspecified, the attribute defaults to the same host that set the cookie, excluding subdomains.

By default, the attribute is left unspecified.

pub fn cookie_content_security( self, content_security: CookieContentSecurity, ) -> Self

Choose how the session cookie content should be secured.

• CookieContentSecurity::Private selects encrypted cookie content.
• CookieContentSecurity::Signed selects signed cookie content.

Default

By default, the cookie content is encrypted. Encrypted was chosen instead of signed as default because it reduces the chances of sensitive information being exposed in the session key by accident, regardless of SessionStore implementation you chose to use.

For example, if you are using cookie-based storage, you definitely want the cookie content to be encrypted—the whole session state is embedded in the cookie! If you are using Redis-based storage, signed is more than enough - the cookie content is just a unique tamper-proof session key.

pub fn cookie_http_only(self, http_only: bool) -> Self

Set the HttpOnly attribute for the cookie used to store the session ID.

If the cookie is set as HttpOnly, it will not be visible to any JavaScript snippets running in the browser.

Default is true.

pub fn build(self) -> SessionMiddleware<Store>

Finalise the builder and return a SessionMiddleware instance.