Cro user session gets forgotten

Question

I'm trying to learn out Cro (and Perl6 simultaneously) ;)

My study app is based on the documentation of Cro. I added some authentication which does work, but the user session gets forgotten immediately.

You can check out the code at https://gitlab.com/ecocode/beaverapp go to the login pasge and login with "user" and "pwd". You get rerouted to / (which indicates the login succeeded), but the message there is "Current user: -". So the session gets lost.

The relevant part of Routes.pm6 :

class UserSession does Cro::HTTP::Auth {
    has $.username is rw;

    method logged-in() {
        defined $!username;
    }
}

my $routes = route {
    subset LoggedIn of UserSession where *.logged-in;

    get -> UserSession $s {
        content 'text/html', "Current user: {$s.logged-in ?? $s.username !! '-'}";
    }

    get -> LoggedIn $user, 'users-only' {
        content 'text/html', "Secret page just for *YOU*, $user.username()";
    }

    get -> 'login' {
        content 'text/html', q:to/HTML/;
            <form method="POST" action="/login">
              <div>
                Username: <input type="text" name="username" />
              </div>
              <div>
                Password: <input type="password" name="password" />
              </div>
              <input type="submit" value="Log In" />
            </form>
            HTML
    }

    post -> UserSession $user, 'login' {
        request-body -> (:$username, :$password, *%) {
            if valid-user-pass($username, $password) {
                $user.username = $username;
                redirect '/', :see-other;
            }
            else {
                content 'text/html', "Bad username/password";
            }
        }
    }

    sub valid-user-pass($username, $password) {
        # Call a database or similar here
        return $username eq 'user' && $password eq 'pwd';
    }
}

sub routes(Beaverapp $beaverapp) is export {
    route {
        # Apply middleware, then delegate to the routes.
        before Cro::HTTP::Session::InMemory[UserSession].new;
        delegate <*> => $routes;
    }
}

I think the problem is due to the middleware session management not working. How should I correct this? Or maybe the problem is due to something else?

Answer 1

The behavior you saw was indeed caused by a bug in cookie-treatment inside of HTTP/2 stack.

As for now, the bug is fixed and the code in OP post works.