31 releases (8 breaking)

Version | Released |
---|---|
0.9.0 | Sep 30, 2023 |
0.8.0 | Aug 20, 2023 |
0.7.0 | Jul 4, 2023 |
0.3.0 | Mar 17, 2023 |
0.1.0-alpha.10 | Dec 12, 2022 |
#1729 in Web programming
261 downloads per month
Used in typed-session-axum
68KB, 1K SLoC
Async Typed Session Management in Rust
API documentation: docs.rs
Use typed-session to outsource all the low-level details of session management, such as session expiration and automatic renewal as well as change tracking of session data. Typed-session was designed to live up to the OWASP® Foundation's session security standards, with efficiency and usability in mind. With typed-session, you can take full advantage of Rust's type system to model your users' sessions.
Compatibility
Typed-session acts as middleware in a web framework, injecting session information into HTTP requests as required and storing sessions in a database.
Currently, the following session stores are available:
- MemoryStore, a debug session store available under the feature flag memory-store.
Currently, typed-session is integrated into the following web frameworks:
- none so far
Typed-session has no dependency on any specific async runtime, and hence can be used with any.
Security
We have designed and implemented the crate with security in mind.
Our design fulfils the requirements stated in The OWASP® Foundation's cheat sheet on session management.
We additionally hash the session ids using the fast and secure hash function blake3 before storing them.
To mitigate exploitable bugs we use #![forbid(unsafe_code)] to ensure everything is implemented in 100% safe Rust.
For further details, refer to the crate-level documentation.
So far, this crate has not been reviewed for security. If you have the necessary skills and wish to contribute to an open source project, please get in touch.
Contributing
Want to join us? Check out our "Contributing" guide and take a look at some of these issues:
Any contribution you intentionally submit for inclusion in the work shall be licensed under the BSD-2-Clause license.
Acknowledgements
This work is based on the crate async-session by Yoshua Wuyts and Jacob Rothstein.
License
This crate is licensed under the BSD-2-Clause license.
Dependencies
~3.5–9MB
~99K SLoC