I want to disable sessions for headless API endpoints, but I have to keep them turned on because this service also handles user logins.
However makeSessionBackend
doesn't have access to Handler
stuff or even current URI, like isAuthorizedSource
does.
It appears to me that I should lift Client Session Backend code and sprinkle it with wrappers until the moment I can get at least textual path from that WAI Request
.
Isn't there a better way to tell any bakend to ignore some routes like StaticR
?
All of your points can be modified by overriding the makeSessionBackend
method in the Yesod typeclass. Something like
instance Yesod App where
makeSessionBackend _ = fmap Just $ defaultClientSessionBackend expireTime filepath
where expireTime = 24 * 60
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With