Better sessions in oauth example #3299
Would you mind expanding a bit on the motivation? Is the only issue performance?
The main motivation is that the current example, while simpler, doesn't really give an example of what someone needs to know. Personally I used this example in testing, but recently discovered that this is not usable in production and thus needed to figure out what was usable. It would've saved me a lot of time if the example was usable to begin with. I think we can save a lot of people time by simply making the example include what they will need rather than forcing them to look at this example, then realise it can't be used, then find a different example that can be used.
Sorry it takes this long, but there are a lot of unrelated changes, why did you make all of the changes like removing the AsRef impls, the whole User extractor and so on?
I guess the relevant changes are just using an SQL backing storage and changing the library from async-session to tower-sessions?
Cargo.lock
@@ -54,12 +54,12 @@ dependencies = [ | |||
|
|||
[[package]] | |||
name = "ahash" | |||
version = "0.8.11" | |||
version = "0.8.12" |
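Review bot: The ahash bump from 0.8.11 to 0.8.12 in this Cargo.lock hunk is a dependency version change that the visible lines do not tie to the session rework, and it makes the lock file diff harder to audit. Start from the Cargo.lock on main so that only the entries required by the new session dependencies change, or move version bumps like this one into a separate PR where they can be reviewed as dependency updates.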
Remove all the unrelated updates from the PR please.
Running cargo test --no-run changes the lock file. I didn't change it manually. Cargo thinks these changes are related.
match user { | ||
async fn index( | ||
State(AppState { store, .. }): State<AppState>, | ||
TypedHeader(cookies): TypedHeader<headers::Cookie>, |
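Review bot: The TypedHeader(cookies): TypedHeader<headers::Cookie> parameter on index is a required extractor, so a request that arrives without a Cookie header is rejected before the handler body runs, and a first-time visitor has no session cookie yet. Take Option<TypedHeader<headers::Cookie>> instead and treat None as the logged-out case, so the index page still renders for unauthenticated visitors.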
With this change the cookie is not optional anymore.
Please leave the User extractor as is unless you have a reason to delete it.
I couldn't find a way to make it work without changing it.
Updates the oauth example to use a practical approach to session management.
Updates the oauth example to use a better approach to session management.
Motivation
The current approach to sessions within the oauth example is not fit for any circumstance, and if anyone were to take it at face value and use async_sessions their application would encounter severe performance issues. The current approach not only fails to lead users down the right path but actively leads them down the wrong path.
Solution
By updating the example to use a viable approach it helps people understand the right way to solve the problem, rather than potentially misleading them.