Initialize session by default + allow custom options map.
The default of :saveUninitialized was changed from false to true. With the false setting sessions were not being established correctly without auth middleware, resulting in a session ID that changed on every request (even fetch and media loading requests).
chr15m committed Sep 30, 2024
1 parent 237a436 commit 4928402
Showing 1 changed file with 18 additions and 10 deletions.
28 changes: 18 additions & 10 deletions src/sitefox/web.cljs
Expand Up @@ -49,23 +49,31 @@
* Writing rotating logs to `logs/access.log`.
* Setting up sessions in the configured database.
* Parse cookies and body."
[app]
* Parse cookies and body.
Pass the `session-options` map to configure the `express-sessions` package.
Sitefox defaults will be shallow-merged with the options map passed in."
[app & [session-options]]
; emit a warning if SECRET is not set
(when (nil? (env "SECRET")) (js/console.error "Warning: env var SECRET is not set."))
(let [logs (path/join server-dir "/logs")
access-log (.createStream rfs "access.log" #js {:interval "7d" :path logs})
kv-session (db/kv "session")
store (create-store kv-session)]
; set up sessions table
(.use app (session #js {:secret (env "SECRET" "DEVMODE")
:saveUninitialized false
:resave true
:cookie #js {:secure "auto"
:httpOnly true
; 10 years
:maxAge (* 10 365 24 60 60 1000)}
:store store}))
(.use app
(session
(clj->js
(merge
{:secret (env "SECRET" "DEVMODE")
:saveUninitialized true
:resave true
:cookie {:secure "auto"
:httpOnly true
; 10 years
:maxAge (* 10 365 24 60 60 1000)}
:store store}
(js->clj session-options :keywordize-keys true)))))
; set up logging
(.use app (morgan "combined" #js {:stream access-log})))
; configure sane server defaults
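Review bot: The shallow `merge` in the new `(merge {...} (js->clj session-options :keywordize-keys true))` call means that a caller who passes any `:cookie` map replaces the default cookie map wholesale, so `:httpOnly true` and `:secure "auto"` are silently dropped unless the caller restates them. Consider merging `:cookie` one level deeper (defaults first, caller's keys on top), or say explicitly in the docstring that `:cookie` must be supplied in full. Separately, with `:saveUninitialized true` every request that arrives without a session cookie now creates an entry in the session store and receives a cookie with the 10-year `:maxAge`; the docstring could mention that `:saveUninitialized false` can be passed back in through `session-options` by apps that only want sessions after login. The `"DEVMODE"` fallback for `:secret` is still only warned about on the console, not refused.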