Red.CookieSessions 1.3.0

Simple session management middleware for RedHttpServer. Uses cookies with authentication tokens

There is a newer version of this package available.
See the version list below for details.
Install-Package Red.CookieSessions -Version 1.3.0
dotnet add package Red.CookieSessions --version 1.3.0
<PackageReference Include="Red.CookieSessions" Version="1.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Red.CookieSessions --version 1.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Cookie Sessions for RedHttpServer

Simple session management middleware for Red.

Usage

After installing and referencing this library, the Red.Request has the extension methods OpenSession(sessionData) and GetSession().

OpenSession(sessionData) will open a new session and add a header to the response associated with the request.

GetSession&lt;TSession&gt;() will return the CookieSession object wrapping the TSession-data, which has two methods: Renew() and Close(), and the field Data, which holds the session-data object

Example

class MySession 
{
    public string Username;
}
...

server.Use(new CookieSessions<MySession>(new CookieSessionSettings(TimeSpan.FromDays(1))
{   // We allow unauthenticated users to send requests to /login, so we can authenticate them
    ShouldAuthenticate = path => path != "/login" // We allow people to send requests without a valid Authorization to /login, where we can authenticate them
}));
server.Post("/login", async (req, res) =>
{
    var form = await res.GetFormDataAsync();
    if (ValidForm(form) && Authenticate(form["username"], form["password"]))
    {
        req.OpenSession(new MySession {Username = form["username"]}); // Here we just have the username as session-data
        await res.SendStatus(HttpStatusCode.OK);
    }
    else 
        await res.SendStatus(HttpStatusCode.BadRequest);
});
// Only authenticated users are allowed to /friends
server.Get("/friends", async (req, res) => 
{
    var session = req.GetSession<MySession>();
    var friends = database.GetFriendsOfUser(session.Username);
    await res.SendJson(friends);
});
server.Post("/logout", async (req, res) => 
{
    req.GetSession<MySession>().Close();
    await res.SendStatus(HttpStatusCode.OK);
});
Implementation

OpenSession will open a new session and attach a Set-Cookie header to the associated response.
This header's value contains the token used for authentication.
The token is generated using the RandomNumberGenerator from System.Security.Cryptography,
so it shouldn't be too easy to "guess" other tokens, even with knowledge of some tokens.

Cookie Sessions for RedHttpServer

Simple session management middleware for Red.

Usage

After installing and referencing this library, the Red.Request has the extension methods OpenSession(sessionData) and GetSession().

OpenSession(sessionData) will open a new session and add a header to the response associated with the request.

GetSession&lt;TSession&gt;() will return the CookieSession object wrapping the TSession-data, which has two methods: Renew() and Close(), and the field Data, which holds the session-data object

Example

class MySession 
{
    public string Username;
}
...

server.Use(new CookieSessions<MySession>(new CookieSessionSettings(TimeSpan.FromDays(1))
{   // We allow unauthenticated users to send requests to /login, so we can authenticate them
    ShouldAuthenticate = path => path != "/login" // We allow people to send requests without a valid Authorization to /login, where we can authenticate them
}));
server.Post("/login", async (req, res) =>
{
    var form = await res.GetFormDataAsync();
    if (ValidForm(form) && Authenticate(form["username"], form["password"]))
    {
        req.OpenSession(new MySession {Username = form["username"]}); // Here we just have the username as session-data
        await res.SendStatus(HttpStatusCode.OK);
    }
    else 
        await res.SendStatus(HttpStatusCode.BadRequest);
});
// Only authenticated users are allowed to /friends
server.Get("/friends", async (req, res) => 
{
    var session = req.GetSession<MySession>();
    var friends = database.GetFriendsOfUser(session.Username);
    await res.SendJson(friends);
});
server.Post("/logout", async (req, res) => 
{
    req.GetSession<MySession>().Close();
    await res.SendStatus(HttpStatusCode.OK);
});
Implementation

OpenSession will open a new session and attach a Set-Cookie header to the associated response.
This header's value contains the token used for authentication.
The token is generated using the RandomNumberGenerator from System.Security.Cryptography,
so it shouldn't be too easy to "guess" other tokens, even with knowledge of some tokens.

Release Notes

changed the way of handling denied requests, so it can be customized

NuGet packages (4)

Showing the top 4 NuGet packages that depend on Red.CookieSessions:

Package Downloads
Red.CookieSessions.EFCore
A EntityFrameworkCore session store for Red.CookieSessions
Red.CookieSessions.LiteDBStore
A LiteDB session store for Red.CookieSessions
Red.CookieSessions.SQLiteStore
A SQLite session store for Red.CookieSessions, to persists sessions
Red.CookieSessions.RedisStore
A Redis session store for Red.CookieSessions

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
5.1.0 202 2/22/2020
5.0.0 300 1/3/2020
4.1.0 346 9/29/2019
4.0.1 134 9/29/2019
4.0.0 103 9/29/2019
3.1.0 183 5/16/2019
3.0.2 197 4/30/2019
3.0.1 189 3/10/2019
3.0.0 163 3/10/2019
2.2.0 238 1/9/2019
2.1.1 235 9/12/2018
2.1.0 223 9/12/2018
2.0.0 419 6/26/2018
1.3.0 316 5/20/2018
1.2.1 289 5/19/2018
1.2.0 319 5/19/2018
1.1.0 450 4/20/2018
1.0.0 348 3/26/2018
Show less