Comments (5)
I'd be happy to contribute such an option if want! just LMK.
Sure. PRs are welcome.
In the issue about ring 2.0 you mention it should maintain 1.0 compatibility, wouldn't that be the same issue?
For performance purposes, I was considering ring.middleware2.*
namespaces that contain middleware that will only work with the updated request maps, and as the namespace differs, we can fix any legacy issues with these functions as well. The ring.middleware
namespace is intended work with both request maps, and should be backward compatible.
On a separate thought; Originally I wanted to encrypt the cookies (very similar to the session.cookie store). I ended up implementing a very similar solution as cookie encoder/decoder, but it would be nice to extract the encryption from
ring.middleware.session.cookie
into separate encoders/decoders instead. WDYT?
My first thought is that it might be too niche a requirement to have as part of Ring core.
from ring.
Thanks for raising this issue. My thought for resolving it would be to add an option :set-cookies?
to the session middlewware that defaults to true
, but can be set to false
in order to disable this behaviour.
Of course, the ideal would be to not have the session and cookie middleware complected to begin with, but unfortunately we have to live with past mistakes to ensure backward compatibility. However, we may be able to solve this issue in Ring 2.0.
from ring.
My thought for resolving it would be to add an option :set-cookies? to the session middleware that defaults to true, but can be set to false in order to disable this behaviour.
I'd be happy to contribute such an option if want! just LMK.
but unfortunately we have to live with past mistakes to ensure backward compatibility.
Yeah this was my concern too. Another possible solution would to create a new namespace. (lacinia-pedestal did a similar thing a while back).
However, we may be able to solve this issue in Ring 2.0.
In the issue about ring 2.0 you mention it should maintain 1.0 compatibility, wouldn't that be the same issue?
On a separate thought; Originally I wanted to encrypt the cookies (very similar to the session.cookie store). I ended up implementing a very similar solution as cookie encoder/decoder, but it would be nice to extract the encryption from ring.middleware.session.cookie
into separate encoders/decoders instead. WDYT?
from ring.
Sure. PRs are welcome.
Allright, I have a fix locally will create the PR when I have a test ready too!
My first thought is that it might be too niche a requirement to have as part of Ring core.
That seems fair 👍 . it's more about decomplecting the session.cookie store. Moving the encryption to cookie-encoders/decoder lowers the responsibility for the session-stores too. By splitting the two, ring allows consumers to use different session-stores (without duplicating the encryption logic), or change the encryption logic without duplicating the session store.
But I agree that it's a niche ;). I just noticed I needed to duplicate the encryption while building a database-backed session-store.
from ring.
Note: A fix for this issue should also resolve #392.
from ring.
Related Issues (20)
- upgrade of Apache Commons FileUpload to 1.5 HOT 13
- Websocket support HOT 1
- The AES / CBC algorithm used in the cookie session store _might_ be insecure HOT 3
- Attributes in the `Set-Cookie` header are formatted incorrectly HOT 1
- How to measure time that it takes to complete a request? HOT 2
- Documentation for cookies HOT 2
- How to change UriCompliance mode HOT 2
- Streaming body issue with a synchronous ring handler HOT 4
- Add support for Partitioned cookies (CHIPS) HOT 1
- JettyWebSocketServerContainer can not implement WebSocketPolicy because it is not an interface HOT 4
- Reflection warnings HOT 2
- ring hangs when attempting to use websockets with :async? true HOT 3
- Catch up rename of `websocket-request?` to `upgrade-request?` in Wiki HOT 1
- How do I specify an optional field when accepting multipart-params for a request? HOT 1
- wrap-multipart-params creates an empty file when an empty file input is submitted HOT 4
- ring and ring-jetty-adapter 1.12.1 fails to work with simple example from wiki HOT 2
- cleaning up after a websocket goes aways is not clear HOT 4
- Update jetty-server HOT 3
- False positive circular dependency in wrap-reload due to as-alias HOT 2
- `(wrap-not-modified)` is better off removing `Content-Length` header from 304 Not Modified responses HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ring.