GrottoPress / shield

Comprehensive security for Lucky framework
MIT License

Persist metadata to session #53

Open notramo opened 1 year ago

notramo commented 1 year ago

Is it possible to persist metadata to session?

akadusei commented 1 year ago

Depends on the nature of this metadata. Lucky::Session#set takes in only String values. If this metadata is a compound data type, you could #to_json it and set it in session, then .from_json it when you retrieve it (assuming it's JSON-serializable).
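A worked version of the serialize-then-store approach described above, added here as an illustration and not code from the thread or from the Shield project. It assumes a Lucky action where `session` is a `Lucky::Session`, and the `LoginMetadata` struct and `SessionMetadata` module are hypothetical names chosen for the example.

```crystal
require "json"

# Hypothetical metadata type; any JSON-serializable struct works.
struct LoginMetadata
  include JSON::Serializable

  getter source : String
  getter ip : String
  getter at : Time

  def initialize(@source, @ip, @at = Time.utc)
  end
end

module SessionMetadata
  KEY = :login_metadata

  # Lucky::Session#set only accepts String values, so serialize first.
  # The session is encrypted, but it still round-trips through the
  # client's cookie, so keep the payload small and free of secrets.
  def self.save(session : Lucky::Session, metadata : LoginMetadata)
    session.set(KEY, metadata.to_json)
  end

  # Returns nil when the key is absent, or when the stored value is not
  # valid JSON for this type (e.g. the struct changed between deploys),
  # instead of raising into the request. A stale value is deleted so it
  # is not re-parsed on every request.
  def self.load(session : Lucky::Session) : LoginMetadata?
    raw = session.get?(KEY)
    return nil unless raw
    LoginMetadata.from_json(raw)
  rescue JSON::ParseException | JSON::SerializableError
    session.delete(KEY)
    nil
  end
end

# Usage inside a Lucky action (client_ip is whatever your app uses):
#   SessionMetadata.save(session, LoginMetadata.new("password", client_ip))
#   if meta = SessionMetadata.load(session)
#     # meta.source, meta.ip, meta.at are available here
#   end
```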

notramo commented 1 year ago

Where is it stored? It's important to document it, because developers need to know if it's sent to the client or stored server-side. If it's sent to the client, is it encrypted?

akadusei commented 1 year ago

Lucky encrypts sessions server side, then stores them as cookies on the client (via the Set-Cookie response header). You may check Lucky's documentation at https://luckyframework.org, or view the source code at https://github.com/luckyframework/lucky.

notramo commented 1 year ago

Is it possible to add a server-side storage for sessions which are not sent to clients?

I'm also interested in what data Shield stores, and where?

akadusei commented 1 year ago

Is it possible to add a server-side storage for sessions which are not sent to clients?

Check out https://github.com/KasKatto/redis-session. Shield will use whatever session handler your Lucky app uses. You may also ask for more suggestions/recommendations in the Lucky forums (https://github.com/luckyframework/lucky/discussions), or on discord (https://luckyframework.org/chat).

I'm also interested in what data Shield stores, and where?

See https://github.com/GrottoPress/shield/issues/54#issuecomment-1539031378