Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Compojure/Ring: Why doesn't a session with cookie-store survive a server restart?

I have a compojure app that uses the ring session wrapper to store the OAuth token associated with the current user. I would like for this token to remain available when the server restarts, so that I don't have to go through the auth process each time.

I assumed that using the cookie-store instead of the default memory-store would help, but it does not. What am I missing?

This is the relevant part of the code:

(defn auth-callback-handler
  [session {code :code}]
  (let [token (retrieve-token code)]
    (-> (redirect "/") (assoc :session (assoc session :token token)))))

(defroutes app-routes
  (GET "/" {session :session} (root-handler session))
  (GET "/auth-callback" {session :session params :params} (auth-callback-handler session params))
  (route/not-found "Not Found"))

(def app
  (-> (handler/site app-routes)
      (wrap-session {:store (cookie-store {:key "a 16-byte secret"})})))

The function root-handler uses the token to decide if someone is logged in or not, but does not return anything in the way of session info.

like image 267
jgre Avatar asked Sep 19 '12 18:09

jgre


1 Answers

The issue is that you have 2 wrap-session middlewares in your app, as the handler/site comes with one. This is causing the encrypt/decrypt to be run twice. To configure the compojure session handle use:

(def app
  (site app-routes {:session {:store (cookie-store {:key "a 16-byte secret"})}}))

Also, perhaps you would be interested on some of these projects, which implement the ring SessionStore protocol:

https://github.com/sritchie/couch-session

https://github.com/wuzhe/clj-redis-session

https://github.com/rmarianski/servlet-session-store

To make the last one persistent you will need to check the documentation of your servlet container of choice.

like image 115
DanLebrero Avatar answered Oct 25 '22 15:10

DanLebrero