#session #session-management #axum #cookies #typed-session

typed-session-axum

Cookie-based sessions for Axum via typed-session

9 releases

0.3.0 Dec 3, 2023
0.2.4 Sep 30, 2023
0.2.2 Aug 20, 2023
0.2.0 Jul 6, 2023
0.1.0-alpha.0 Feb 26, 2023

#1634 in Web programming

BSD-2-Clause

41KB
620 lines

Typed Session Management for Axum

Version Downloads Docs

API documentation: docs.rs

A session manager for axum with focus on efficiency and usability. It was designed to live up to the session security standards published by the OWASP® Foundation's. Compared to existing art, this crate abstracts over the concrete type used to store session data, allowing to model session states in a type-safe way to unlock the full power of Rust for session management.

Security

We have designed and implemented the crate with security in mind. Our design fulfils the requirements stated in The OWASP® Foundation's cheat sheet on session management. We additionally hash the session ids using the fast and secure hash function blake3 before storing them. To mitigate exploitable bugs we use #![forbid(unsafe_code)] to ensure everything is implemented in 100% safe Rust.

For further details, refer to the crate-level documentation.

So far, this crate has not been reviewed for security. If you have the necessary skills and wish to contribute to an open source project, please get in touch.

Contributing

Want to join us? Check out our "Contributing" guide and take a look at some of these issues:

Any contribution you intentionally submit for inclusion in the work shall be licensed under the BSD-2-Clause license.

Acknowledgements

This work is based on the crate axum-sessions by Max Countryman.

License

This crate is licensed under the BSD-2-Clause license.

Dependencies

~9–16MB
~220K SLoC