9 releases
| 0.3.0 | Dec 3, 2023 |
|---|---|
| 0.2.4 | Sep 30, 2023 |
| 0.2.2 | Aug 20, 2023 |
| 0.2.0 | Jul 6, 2023 |
| 0.1.0-alpha.0 | Feb 26, 2023 |
#1634 in Web programming
41KB
620 lines
Typed Session Management for Axum
API documentation: docs.rs
A session manager for axum with focus on efficiency and usability. It was designed to live up to the session security standards published by the OWASP® Foundation's. Compared to existing art, this crate abstracts over the concrete type used to store session data, allowing to model session states in a type-safe way to unlock the full power of Rust for session management.
Security
We have designed and implemented the crate with security in mind.
Our design fulfils the requirements stated in The OWASP® Foundation's cheat sheet on session management.
We additionally hash the session ids using the fast and secure hash function blake3 before storing them.
To mitigate exploitable bugs we use #![forbid(unsafe_code)] to ensure everything is implemented in 100% safe Rust.
For further details, refer to the crate-level documentation.
So far, this crate has not been reviewed for security. If you have the necessary skills and wish to contribute to an open source project, please get in touch.
Contributing
Want to join us? Check out our "Contributing" guide and take a look at some of these issues:
Any contribution you intentionally submit for inclusion in the work shall be licensed under the BSD-2-Clause license.
Acknowledgements
This work is based on the crate axum-sessions by Max Countryman.
License
This crate is licensed under the BSD-2-Clause license.
Dependencies
~9–16MB
~220K SLoC