Compojure/Ring:为什么与 cookie-store 的会话在服务器重启后无法存活? [英] Compojure/Ring: Why doesn't a session with cookie-store survive a server restart?

问题描述

我有一个 compojure 应用程序，它使用环会话包装器来存储与当前用户关联的 OAuth 令牌.我希望此令牌在服务器重新启动时保持可用，这样我就不必每次都经过身份验证过程.

I have a compojure app that uses the ring session wrapper to store the OAuth token associated with the current user. I would like for this token to remain available when the server restarts, so that I don't have to go through the auth process each time.

我认为使用 cookie-store 而不是默认的 memory-store 会有所帮助，但事实并非如此.我错过了什么?

I assumed that using the cookie-store instead of the default memory-store would help, but it does not. What am I missing?

这是代码的相关部分:

(defn auth-callback-handler
  [session {code :code}]
  (let [token (retrieve-token code)]
    (-> (redirect "/") (assoc :session (assoc session :token token)))))

(defroutes app-routes
  (GET "/" {session :session} (root-handler session))
  (GET "/auth-callback" {session :session params :params} (auth-callback-handler session params))
  (route/not-found "Not Found"))

(def app
  (-> (handler/site app-routes)
      (wrap-session {:store (cookie-store {:key "a 16-byte secret"})})))

root-handler 函数使用令牌来判断某人是否已登录，但不会以会话信息的方式返回任何内容.

The function root-handler uses the token to decide if someone is logged in or not, but does not return anything in the way of session info.

推荐答案

问题在于您的应用程序中有 2 个包装会话中间件，因为处理程序/站点带有一个.这导致加密/解密运行两次.配置 compojure 会话句柄使用:

The issue is that you have 2 wrap-session middlewares in your app, as the handler/site comes with one. This is causing the encrypt/decrypt to be run twice. To configure the compojure session handle use:

(def app
  (site app-routes {:session {:store (cookie-store {:key "a 16-byte secret"})}}))

此外，也许您会对其中一些实现环 SessionStore 协议的项目感兴趣:

Also, perhaps you would be interested on some of these projects, which implement the ring SessionStore protocol:

https://github.com/sritchie/couch-session

https://github.com/wuzhe/clj-redis-session

https://github.com/rmarianski/servlet-session-store

要使最后一个持久化，您需要检查您选择的 servlet 容器的文档.

To make the last one persistent you will need to check the documentation of your servlet container of choice.

这篇关于Compojure/Ring:为什么与 cookie-store 的会话在服务器重启后无法存活?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！