Open notramo opened 1 year ago
Depends on the nature of this metadata. Lucky::Session#set
takes in only String
values. If this metadata is a compound data type, you could #to_json
it and set it in session, then .from_json
it when you retrieve it (assuming it's JSON-serializable).
Where is it stored? It's important to document it, because developers need to know if it's sent to the client or stored server-side. If it's sent to the client, is it encrypted?
Lucky encrypts sessions server side, then stores them as cookies on the client (via the Set-Cookie
response header). You may check Lucky's documentation at https://luckyframework.org, or view the source code at https://github.com/luckyframework/lucky.
Is it possible to add a server-side storage for sessions which are not sent to clients?
I'm also interested in what data does shield
store, and where?
Is it possible to add a server-side storage for sessions which are not sent to clients?
Check out https://github.com/KasKatto/redis-session. Shield will use whatever session handler your Lucky app uses. You may also ask for more suggestions/recommendations in the Lucky forums (https://github.com/luckyframework/lucky/discussions), or on discord (https://luckyframework.org/chat).
I'm also interested in what data does shield store, and where?
See https://github.com/GrottoPress/shield/issues/54#issuecomment-1539031378
Is it possible to persist metadata to session?