scotty-web
Implement user sessions
(as already mentioned in the urlshortener example program)
With cookies #69 and a proper exception system in place #310 it should be possible (and fairly easy) to implement a "session" interface like Flask and similar have:
https://testdriven.io/blog/flask-sessions/
See also #59
code from here could be recycled for this purpose : https://hackage.haskell.org/package/scotty-session-0.0.5/docs/Web-Scotty-Session.html#t:ScottySM
but using scotty internal cookie functions
I just published wai-cryptocookie, a small wai library that maybe could be used to implement this.
https://hackage.haskell.org/package/wai-cryptocookie/docs/Wai-CryptoCookie.html
The library doesn't depend on anything other than what scotty already depends on.
Hi @k0001 , I checked out cryptocookie, seems it would be sensible to introduce it as a good security default. I just have a hard time following the continuation-based API, how do you think it could be best integrated here in scotty? Thanks!
Hi @ocramz. Have you seen the example code in the tests? https://github.com/k0001/hs-wai-cryptocookie/blob/master/wai-cryptocookie/test/Main.hs — It's not the most didactic, I know, but you'll see there how to use Wai.CryptoCookie.middleware to transform a Wai.Application.
Working with Wai.Middleware and Wai.Application can be confusing 😅
As for how wai-cryptocookie and scotty could be integrated nicely: I'm pretty sure I had an example somewhere, since this was my motivator for writing wai-cryptocookie in the first place, but I can't find it now. I'll try to write a new example and share it here.