shield Persist metadata to session

Is it possible to persist metadata to session?

May 07 '23 16:05 notramo

Depends on the nature of this metadata. Lucky::Session#set takes in only String values. If this metadata is a compound data type, you could #to_json it and set it in session, then .from_json it when you retrieve it (assuming it's JSON-serializable).

May 07 '23 20:05 akadusei

Where is it stored? It's important to document it, because developers need to know if it's sent to the client or stored server-side. If it's sent to the client, is it encrypted?

May 08 '23 13:05 notramo

Lucky encrypts sessions server side, then stores them as cookies on the client (via the Set-Cookie response header). You may check Lucky's documentation at https://luckyframework.org, or view the source code at https://github.com/luckyframework/lucky.

May 08 '23 20:05 akadusei

Is it possible to add a server-side storage for sessions which are not sent to clients?

I'm also interested in what data does shield store, and where?

May 08 '23 21:05 notramo

Is it possible to add a server-side storage for sessions which are not sent to clients?

Check out https://github.com/KasKatto/redis-session. Shield will use whatever session handler your Lucky app uses. You may also ask for more suggestions/recommendations in the Lucky forums (https://github.com/luckyframework/lucky/discussions), or on discord (https://luckyframework.org/chat).

I'm also interested in what data does shield store, and where?

See https://github.com/GrottoPress/shield/issues/54#issuecomment-1539031378

May 09 '23 08:05 akadusei