Lib.rs

β€Ί Web programming β€Ί HTTP server | Authentication
#session-store #axum-session #tower #axum #tower-sessions

axum_session

πŸ“ Session management layer for axum that supports HTTP and Rest

by Andrew Wheeler(Genusis) and 22 contributors

18 releases (breaking)

0.16.0 Jan 16, 2025
0.14.4 Oct 10, 2024
0.14.1 Jul 16, 2024
0.13.0 Mar 11, 2024
0.1.5 Mar 31, 2023

#57 in HTTP server

Download history 1295/week @ 2025-01-12 1092/week @ 2025-01-19 865/week @ 2025-01-26 864/week @ 2025-02-02 880/week @ 2025-02-09 1348/week @ 2025-02-16 1160/week @ 2025-02-23 1619/week @ 2025-03-02 966/week @ 2025-03-09 904/week @ 2025-03-16 1030/week @ 2025-03-23 1053/week @ 2025-03-30 740/week @ 2025-04-06 899/week @ 2025-04-13 790/week @ 2025-04-20 691/week @ 2025-04-27

3,195 downloads per month
Used in 9 crates

MIT/Apache

150KB
2.5K SLoC

Axum Session

https://crates.io/crates/axum_session Docs Discord Server

πŸ“‘ Overview

`axum_session` provide's a Session management middleware that stores all session data within a MemoryStore internally. Optionally it can save data to a persistent database for long term storage. Uses Cookie or Header stored UUID's to sync back to the session store.

  • Cookies or Header Store of Generated Session UUID and a Store Boolean.
  • Uses a DatabasePool Trait so you can implement your own Sub Storage Layer.
  • Convenient API for Session no need to mark as Read or Write making Usage Easier.
  • Uses dashmap for internal memory lookup and storage to achieve high throughput.
  • Uses Serde for Data Serialization so it can store any Serde supported types into the Sessions data.
  • Supports Redis, SurrealDB, MongoDB and SQLx optional Databases out of the Box.
  • Supports Memory Only usage. No need to use a persistent database.
  • Supports Cookie and Header Signing for integrity, and authenticity.
  • Supports Database Session Data Encryption for confidentiality, integrity.
  • Supports SessionID renewal for enhanced Security.
  • Optional Fastbloom key storage for reduced Database lookups during new UUID generation. Boosting Bandwidth.
  • Optional Rest Mode that Disables Cookies and uses the Header values instead.
  • uses #![forbid(unsafe_code)] to ensure everything is implemented as safe rust.
  • has an advanced API to allow further control of a session.
  • uses IP address's and user agent to deter spoofing of signed cookies and headers.

🚨 Help

If you need help with this library or have suggestions please go to our Discord Group

πŸ“¦ Install

Axum Session uses tokio. to your cargo include for Axum Session.

# Cargo.toml
[dependencies]
# Postgres + rustls
axum_session = { version = "0.16.0" }

πŸ“± Cargo Feature Flags

Features Description
advanced Enables functions that provide more control over sessions.
rest_mode Disables cookie handling and instead only uses a header. For rest API requests and responses.
key-store Enables optional in-process key storage. This increases RAM usage depending on Fastbloom settings.
Database Crate Persistent Description
axum_session_sqlx Yes Sqlx session store
axum_session_surreal Yes Surreal session store
axum_session_mongo Yes Mongo session store
axum_session_redispool Yes RedisPool session store

πŸ”Ž Example Default Setup

You can find examples within the Repository

use sqlx::{ConnectOptions, postgres::{PgPoolOptions, PgConnectOptions}};
use std::net::SocketAddr;
use axum_session::{Session, SessionPgPool, SessionConfig, SessionStore, SessionLayer};
use axum::{
    Router,
    routing::get,
};
use tokio::net::TcpListener;

#[tokio::main]
async fn main() {

    let poll = connect_to_database().await.unwrap();

    //This Defaults as normal Cookies.
    //To enable Private cookies for integrity, and authenticity please check the next Example.
    let session_config = SessionConfig::default()
        .with_table_name("sessions_table");

    // create SessionStore and initiate the database tables
    let session_store = SessionStore::<SessionPgPool>::new(Some(poll.clone().into()), session_config).await.unwrap();

    // build our application with some routes
    let app = Router::new()
        .route("/greet", get(greet))
        .layer(SessionLayer::new(session_store));

    // run it
    let addr = SocketAddr::from(([0, 0, 0, 0], 8000));

    println!("listening on {}", addr);
    let listener = TcpListener::bind(addr).await.unwrap();
    axum::serve(listener, app).await.unwrap();
}

async fn greet(session: Session<SessionPgPool>) -> String {
    let mut count: usize = session.get("count").unwrap_or(0);

    count += 1;
    session.set("count", count);

    count.to_string()
}

async fn connect_to_database() -> anyhow::Result<sqlx::Pool<sqlx::Postgres>> {
    // ...
    unimplemented!()
}

πŸ”‘ Key Store Details

To enable and use fastbloom key storage for less database lookups. Add the feature "key-store" to the crate’s features. This feature will increase the ram usage server side. but will heavily improve the bandwidth limitations and reduce latency of returns from the server. This is based on how much the filter_expected_elements and filter_false_positive_probability are set too. The higher they are the more ram is used. You will also need to Enable the bloom filter in the config for it to be used. By default, the use_bloom_filters is enabled and these config options exist whither or not the feature is enabled. Please refer to with_filter_expected_elements and with_filter_false_positive_probability within the documents to set the options. Otherwise stick with the default settings which should work in most situations. Just do note these options provide on how many False positives could possibly occur when comparing a UUID to what currently exists, which means it will keep trying till it finds none that match. Higher values decrease the chance of a false positive but increase ram usage.

😎 Session Login and Authentication via axum_session_auth

For user login, login caching and authentication please see axum_session_auth.

Dependencies

~11–19MB
~249K SLoC