API documentation: docs.rs
Use typed-session to outsource all the low-level details of session management, such as session expiration and automatic renewal as well as change tracking of session data. Typed-session was designed to live up to the OWASP® Foundation's session security standards, with efficiency and usability in mind. With typed-session, you can take full advantage of Rust's type system to model your users' sessions.
Typed-session acts as middleware in a web framework, injecting session information into HTTP requests as required and storing sessions in a database.
Currently, the following session stores are available:
- MemoryStore, a debug session store available under the feature flag memory-store.
Currently, typed-session is integrated into the following web frameworks:
- none so far
Typed-session does not depend on any specific async runtime, and hence can be used with any.
We have designed and implemented the crate with security in mind.
Our design fulfils the requirements stated in The OWASP® Foundation's cheat sheet on session management.
We additionally hash the session ids using the fast and secure hash function blake3 before storing them.
To mitigate exploitable bugs we use #![forbid(unsafe_code)] to ensure everything is implemented in 100% safe Rust.
For further details, refer to the crate-level documentation.
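The three mechanisms named above (expiration, automatic renewal, change tracking) can be written with the standard library alone. This is an added example, not typed-session's own code or API: the names UserSession, Store, Outcome, handle, TTL and RENEW_BELOW, the renewal threshold, and the caller-supplied fresh id are all assumptions, and the session ids are constructed sample values.

```rust
use std::collections::HashMap;

// Typed payload: misspelled keys or wrong value types fail at compile time.
#[derive(Clone, Debug, PartialEq)]
pub struct UserSession { pub user_id: u64, pub cart_items: u32 }

#[derive(Debug, PartialEq)]
pub enum Outcome { Rejected, Unchanged, Updated, Renewed(String) }

pub const TTL: u64 = 3600;        // assumed session lifetime in seconds
pub const RENEW_BELOW: u64 = 600; // assumed: rotate the id when less than this remains

// Keyed by raw id for brevity; the crate stores a blake3 hash of the id instead.
#[derive(Default)]
pub struct Store { pub sessions: HashMap<String, (UserSession, u64)> } // (data, expires_at)

impl Store {
    /// Handles one request at time `now` (seconds). `fresh_id` must come from a
    /// CSPRNG; it is passed in only to keep this example free of external crates.
    pub fn handle(&mut self, id: &str, now: u64, fresh_id: &str,
                  handler: impl FnOnce(&mut UserSession)) -> Outcome {
        let Some((before, expires_at)) = self.sessions.get(id).cloned() else { return Outcome::Rejected };
        if expires_at <= now {
            self.sessions.remove(id); // expiration: the entry is deleted, not just ignored
            return Outcome::Rejected;
        }
        let mut after = before.clone();
        handler(&mut after);
        if expires_at - now < RENEW_BELOW {
            // Renewal: new id and new expiry; the old id stops working immediately.
            self.sessions.remove(id);
            self.sessions.insert(fresh_id.to_string(), (after, now + TTL));
            return Outcome::Renewed(fresh_id.to_string());
        }
        if after == before { return Outcome::Unchanged; } // change tracking: skip the store write
        self.sessions.insert(id.to_string(), (after, expires_at));
        Outcome::Updated
    }
}

fn main() {
    let mut store = Store::default();
    let data = UserSession { user_id: 7, cart_items: 0 };
    store.sessions.insert("constructed-id-1".into(), (data, TTL));
    println!("{:?}", store.handle("constructed-id-1", 3100, "constructed-id-2", |s| s.cart_items += 1));
}
```

When the outcome is Renewed, the caller has to send the new id to the client as the session cookie, because the old one is no longer in the store.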
So far, this crate has not been reviewed for security. If you have the necessary skills and wish to contribute to an open source project, please get in touch.
Want to join us? Check out our "Contributing" guide and take a look at some of these issues:
Any contribution you intentionally submit for inclusion in the work shall be licensed under the BSD-2-Clause license.
This work is based on the crate async-session by Yoshua Wuyts and Jacob Rothstein.
This crate is licensed under the BSD-2-Clause license.