#2680 Wisp Session Store

jhughes Tue 30 Jan 2018

I have a WebMod that does some authentication and then updates the session with some information. I'm struggling with figuring out though is how the interaction with the session store works.

  1. How does a session from a WebMod get loaded into the session store?
  2. Is it a manual process or automatic?
  3. If manual, how do I access the session store from a web mod to load the session into it?
  4. What's the preferred method to save the store and load from a file for persistence through a restart?

SlimerDude Tue 30 Jan 2018

Hi jhughes,

The Session Store is handled by the Wisp web server via the WispSessionStore. You subclass this and pass the instance to the WispServer via an it-block as you create it:

wisp := WispService {
    it.root = ...
    it.sessionStore = MySessionStore()

As an example, I recently wrote an article showing how a Session Store can store sessions in a Mongo Database here: Store HTTP Sessions in MongoDB.

jhughes Tue 30 Jan 2018

I didn't quite follow the whole proxy IoC stuff or why it was necessary but it appears from that post that the only real way to interact with the session store is to write your own implementation.

I am still not sure if there's any way to interact with the default in memory session store as all my attempts have failed. If I need to develop my own I will, just want to fully understand what's already possible with the default implementation before I go down that route.

brian Tue 30 Jan 2018

To answer your questions:

  1. Sessions get created by web::WebReq.session
  2. Its only when you call that method while processing a web request
  3. As an consumer, the only real public API is thru WebReq.session
  4. You do have to plugin a custom WispSessionStore as Steve posted.

For more sophisticated stuff, you don't even really need to use this this infrastructure - its also easy to just keep track of your own cookie and allocate ids to whatever structure you want using an actor to manage it all. That assumes you have a single choke-point for all web requests. Although the built-in session stuff is very handy and simple to use.

What exactly are you trying to do?

jhughes Tue 30 Jan 2018

Essentially I was going to be doing the same thing Steve posted but not for mongo so it's good starting point to reference.

I was originally just trying to see if I could access the existing sessions from the default store so I could avoid having to write an entirely new plugin but couldn't figure out any way to inspect and/or modify the current sessions in the store.

SlimerDude Tue 30 Jan 2018

Ah okay, so no, there is no way to get a hold of a reference to, or interact with the SessionStore from within a WebMod. The SessionStore is a Wisp implementation detail, and is completely abstracted away by web::WebSession.

As I hoped my article pointed out, implementing your own WispSessionStore isn't difficult; you just need to load / save / delete a map of data. For comparison, here's the source for the default MemWispSessionStore.

If you want to persist a session to a file, the easiest way would be to use standard Fantom serialisation:

// serialise
toStr   := StrBuf() { out.writeObj(session) }.toStr

// deserialise
fromStr := toStr.in.readObj

Just make sure any objects you store are marked with @Serializable (as well as being immutable) and have an it-block ctor called make, so they conform to Fantom's serialisation rules.

jhughes Tue 30 Jan 2018

The article definitely clarified the ease of implementing my own SessionStore but starting from scratch, it was difficult to know what that would look like.

I wasn't necessarily trying to access the SessionStore from a webmod but rather just trying to access the sessions themselves from anywhere. It doesn't seem like the MemWispSessionStore allows this to happen which I assume is for security reasons but it's something I was originally attempting as a possible solution.

Login or Signup to reply.