where the Extensions are stored?

[MrAliSalehi]

im trying to store the authorized User in the Extensions and later use them in handlers for identity purposes, I want to know if extensions are reliable for such tasks, can users somehow... change them? or is it possible to access them from external sources?
didnt find any info about it in the docs( would be nice to have that in docs tho)
maybe the title doesnt fit very well but its my main question, answer to that would also answer rest of the questions

[davidpdrsn]

im trying to store the authorized User in the Extensions and later use them in handlers for identity purposes

Yep that's a valid use case.

I want to know if extensions are reliable for such tasks, can users somehow... change them?

By "users" I suppose you mean clients calling your API, in which case no, users cannot change them. Extensions are purely a thing in http crate.. It's just a way to store additional data at runtime. They're not transmitted as part of the request or anything (that'd require serialization among other things).

For more details on how extensions are implemented see https://lucumr.pocoo.org/2022/1/6/rust-extension-map/

[MrAliSalehi]

okay so if they are not part of the request or anything, how system will remember that data? It has to be somewhere right?

[davidpdrsn]

What do you mean by "remember"? They're not saved in the application or a database or anything. Just locally in the request. Different requests don't share the same extensions.

[MrAliSalehi]

im trying to wrap my head around this and i though of it like the cookies, so when you said

They're not transmitted as part of the request

kinda confused me, but i got it now, they are basically the same thing

[davidpdrsn]

No they are not like cookies. Cookies are transmitted as part of the request. Extensions are not.

[davidpdrsn]

Maybe this helps https://blog.adamchalmers.com/what-are-extensions/?