search

zohl / servant-auth-cookie

Authentication via encrypted cookies
BSD 3-Clause "New" or "Revised" License
23 stars 23 forks source link

How do I "remove" a session? #22

Open abailly opened 8 years ago

abailly commented 8 years ago

There is a comment hinting at some way to do that: 

----------------------------------------------------------------------------
-- Add/remove session

-- | Add cookie header to response. The function can throw the same
-- exceptions as 'encryptSession'.
addSession

but no corresponding function.

ThomasCrevoisier commented 7 years ago

Hey @abailly,

I'm currently using removeSession but struggle with it. Do you have a code sample to see how you integrate it in a Servant app ?

abailly commented 7 years ago

Hello, Here is a place where I use it in my code:

doLogout :: AuthCookieSettings -> UserAccount -> m ()
doLogout settings _ = lift (removeSession settings ())

It's very simple actually... The tricky part is to understand where the session comes from.

ThomasCrevoisier commented 7 years ago

@abailly Thanks for your reply !

My api is defined like this

"api" :> "logout" :> AuthProtect "cookie-auth" :> Get '[JSON] (Headers '[Header "Set-Cookie" ByteString] ())

And for the moment the handler looks like yours : logoutServer _ = removeSession settings ()

Though, I've got this error : 

No instance for (ToHttpApiData ByteString)
        arising from a use of ‘removeSession’

And I don't quite understand where the problem is 🤔

abailly commented 7 years ago

I have similar code and it works like a charm, except the action is POST and not a GET. For each AuthProtect a you have to define which type is computed by type family AuthServerData, e.g. :

type instance AuthServerData (AuthProtect "cookie-auth") =  X

it might be that X leads to some type which requires implementation of ToHttpApiData ?

ThomasCrevoisier commented 7 years ago

I was inspired by what's in the example/ folder so I didn't had to write type instance AuthServerData ... until now.

Here is the code if you have the time to take a quick look (sorry it's a bit drafty...)

abailly commented 7 years ago

It compiles OK here... Might be a version problem?

ThomasCrevoisier commented 7 years ago

Arf, damned >.< Which stackage resolver are you using ?

abailly commented 7 years ago

7.10

-- Arnaud Bailly

twitter: abailly skype: arnaud-bailly linkedin: http://fr.linkedin.com/in/arnaudbailly/

On Fri, Jan 13, 2017 at 10:30 PM, Thomas Crevoisier < notifications@github.com> wrote:

Arf, damned >.< Which resolver are you using ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zohl/servant-auth-cookie/issues/22#issuecomment-272455751, or mute the thread https://github.com/notifications/unsubscribe-auth/AACdHTOYf6-Io_P1grZVS-q9343BGgduks5rR4qCgaJpZM4K8OI8 .

ThomasCrevoisier commented 7 years ago

Do you point directly to the github repo of servant-auth-cookie ? I don't find the version 4.2 in this snapshot

abailly commented 7 years ago

hmm, yes.

-- Arnaud Bailly

twitter: abailly skype: arnaud-bailly linkedin: http://fr.linkedin.com/in/arnaudbailly/

On Fri, Jan 13, 2017 at 10:36 PM, Thomas Crevoisier < notifications@github.com> wrote:

Do you point directly to the github repo of servant-auth-cookie ? I don't find the version 4.2 in this snapshot https://www.stackage.org/haddock/lts-7.10/servant-auth-cookie-0.3.2/Servant-Server-Experimental-Auth-Cookie.html

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zohl/servant-auth-cookie/issues/22#issuecomment-272457058, or mute the thread https://github.com/notifications/unsubscribe-auth/AACdHTTfrWLoiz0LQSHsV7AE0aZvrQOuks5rR4vXgaJpZM4K8OI8 .

ThomasCrevoisier commented 7 years ago

Could you share your stack.yaml please ? ^^

abailly commented 7 years ago

It's really simple:

resolver: lts-7.10 packages:

-- Arnaud Bailly

twitter: abailly skype: arnaud-bailly linkedin: http://fr.linkedin.com/in/arnaudbailly/

On Fri, Jan 13, 2017 at 11:06 PM, Thomas Crevoisier < notifications@github.com> wrote:

Could you share your stack.yaml please ? ^^

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zohl/servant-auth-cookie/issues/22#issuecomment-272464668, or mute the thread https://github.com/notifications/unsubscribe-auth/AACdHTZ28gf1YjEPvZUY60Zp93e8zdzwks5rR5L9gaJpZM4K8OI8 .