Closed gberenfield closed 9 years ago
It might have to do with the change to using ring-defaults. The :session-options
should still work, but it's deprecated in favor of using the :session
key in ring-defaults config. I'll take a look to see what's preventing the :session-options
key from working correctly, meanwhile could you try the following to see if you still experience the issue with the new method:
(def session-defaults
{:timeout (* 60 120)
:timeout-response (redirect "/")})
(defn- mk-defaults
"set to true to enable XSS protection"
[xss-protection?]
(-> site-defaults
(update-in [:session] merge session-defaults)
(assoc-in [:security :anti-forgery] xss-protection?)))
(def app (app-handler
;; add your application routes here
[home-routes base-routes]
;; add custom middleware here
:middleware (load-middleware)
:ring-defaults (mk-defaults false)
;; add access rules here
:access-rules []
;; serialize/deserialize the following data formats
;; available formats:
;; :json :json-kw :yaml :yaml-kw :edn :yaml-in-html
:formats [:json-kw :edn :transit-json]))
Nothing jumps out at me from cursory glance. The way the timeout is setup is that it the options are passed to noir session here:
(wrap-noir-session
(update-in
(or session-options (:session ring-defaults) (:session site-defaults))
[:store] #(or % (memory-store mem))))
this in turn calls noir.session here:
(defn wrap-noir-session
"A stateful layer around wrap-session. Options are passed to wrap-session."
[handler & [{:keys [timeout timeout-response] :as opts}]]
(let [opts (or (dissoc opts :timeout :timeout-response) {})]
(if timeout
(-> handler
(noir-session)
(wrap-idle-session-timeout
{:timeout timeout
:timeout-response timeout-response})
(wrap-session opts))
(-> handler (noir-session) (wrap-session opts)))))
The session-options key should supersede any other parameters when not nil.
Trying your first comment worked. I created this app about 1-month ago and see that a new app via lein new luminus foo
has the mk-defaults
stuff and now uses ring.middleware.defaults
.
I agree session-options
should take precedence and wonder why it didn't work but am happy to go with the new setup.
Thanks!
It seems
:timeout
and:timeout-response
aren't being correctly passed towrap-noir-session
insidenoir.util.middleware/app-routes
. I'm writing a Luminus-based template webapp with lib-noir 0.9.4 and my sessions always timeout at 30-minutes.Even with:
passed to app-handler.