Module Webs_kit.Session


Sessions maintain state across request/response cycles. This module provides a basic infrastructure to abstract the mecanism handling sessions.

One built-in mecanism is offered for unencrypted but authenticated client-side sessions via Authenticated_cookies.


Session state

type 'a state

The type for session state of type 'a. Values of this type describe how to test 'a for equality and codec it with bytes.

val state : eq:('a -> 'a -> bool) -> encode:('a -> string) -> decode:(string -> ('a, string) Stdlib.result) -> unit -> 'a state

state ~eq ~encode ~decode () tests state for equality with eq, encodes it with encode and decodes it with decode.

module State : sig ... end

Built-in state values. TODO. Call Tpf to the rescue.

Session handler

type 'a handler

The type for session handler of state of type 'a. Values of this type are in charge of loading and saving the state.

val handler : load:('a state -> Webs.Req.t -> 'a option) -> save:('a state -> 'a option -> Webs.Resp.t -> Webs.Resp.t) -> unit -> 'a handler

handler ~load ~save () is a session handler using load to setup the session state and save to save before responding.

TODO do we want to give the original Req.t to save aswell ?

type 'a resp = 'a option * Webs.Resp.t

The type for session responses.

val setup : 'a state -> 'a handler -> ('a option -> Webs.Req.t -> 'a resp) -> Webs.service

setup st handler service handles loading and saving state st with handler handler for service service which gets current session state as argument and should tuple the new state with the resulting request.

Injecting session state in result

val for_result : 's option -> ('a'b) Stdlib.result -> ('s option * 'a's option * 'b) Stdlib.result

for_result st r injects st in either case of r.

val for_ok : 's option -> ('a'b) Stdlib.result -> ('s option * 'a'b) Stdlib.result

for_ok st r injects st into the error case of r.

val for_error : 's option -> ('a'b) Stdlib.result -> ('a's option * 'b) Stdlib.result

for_error st r injects st into the error case of r.

type nonrec 'a result = ('a resp'a resp) Stdlib.result

Built-in session handlers

with_authenticated_cookie ~key ~atts ~name stores state on the client with an Authenticated_cookie that can be authenticated with the private key key (defaults to Authenticatable.random_key). name is the name of the cookie. atts are the attributes of the cookie, they default to Webs.Http.Cookie.atts_default.