pub struct SessionHandler<Store> { /* private fields */ }
Expand description

Handler to enable sessions.

See crate-level docs for an overview of this crate’s approach to sessions and security.


Constructs a SessionHandler from the given [async_session::SessionStore] and secret. The secret MUST be at least 32 bytes long, and MUST be cryptographically random to be secure. It is recommended to retrieve this at runtime from the environment instead of compiling it into your application.


SessionHandler::new will panic if the secret is fewer than 32 bytes.


The defaults for SessionHandler are:

  • cookie path: “/”
  • cookie name: “trillium.sid”
  • session ttl: one day
  • same site: strict
  • save unchanged: enabled
  • older secrets: none

Although the above defaults are appropriate for most applications, they can be overridden. Please be careful changing these settings, as they can weaken your application’s security:

// this logic will be unique to your deployment
let secrets_var = std::env::var("TRILLIUM_SESSION_SECRETS").unwrap();
let session_secrets = secrets_var.split(' ').collect::<Vec<_>>();

let handler = (
    SessionHandler::new(MemoryStore::new(), session_secrets[0])

Sets a cookie path for this session handler. The default for this value is “/”

Sets a session ttl. This will be used both for the cookie expiry and also for the session-internal expiry.

The default for this value is one day. Set this to None to not set a cookie or session expiry. This is not recommended.

Sets the name of the cookie that the session is stored with or in.

If you are running multiple trillium applications on the same domain, you will need different values for each application. The default value is “trillium.sid”

Disables the save_unchanged setting. When save_unchanged is enabled, a session will cookie will always be set. With save_unchanged disabled, the session data must be modified from the Default value in order for it to save. If a session already exists and its data unmodified in the course of a request, the session will only be persisted if save_unchanged is enabled.

Sets the same site policy for the session cookie. Defaults to SameSite::Strict. See incrementally better cookies for more information about this setting

Sets the domain of the cookie.

Sets optional older signing keys that will not be used to sign cookies, but can be used to validate previously signed cookies.

Trait Implementations

Formats the value using the given formatter. Read more
Executes this handler, performing any modifications to the Conn that are desired. Read more
Performs any final modifications to this conn after all handlers have been run. Although this is a slight deviation from the simple conn->conn->conn chain represented by most Handlers, it provides an easy way for libraries to effectively inject a second handler into a response chain. This is useful for loggers that need to record information both before and after other handlers have run, as well as database transaction handlers and similar library code. Read more
Performs one-time async set up on a mutable borrow of the Handler before the server starts accepting requests. This allows a Handler to be defined in synchronous code but perform async setup such as establishing a database connection or fetching some state from an external source. This is optional, and chances are high that you do not need this. Read more
predicate function answering the question of whether this Handler would like to take ownership of the negotiated Upgrade. If this returns true, you must implement [Handler::upgrade]. The first handler that responds true to this will receive ownership of the [trillium::Upgrade][crate::Upgrade] in a subsequent call to [Handler::upgrade] Read more
This will only be called if the handler reponds true to [Handler::has_upgrade] and will only be called once for this upgrade. There is no return value, and this function takes exclusive ownership of the underlying transport once this is called. You can downcast the transport to whatever the source transport type is and perform any non-http protocol communication that has been negotiated. You probably don’t want this unless you’re implementing something like websockets. Please note that for many transports such as TcpStreams, dropping the transport (and therefore the Upgrade) will hang up / disconnect. Read more
Customize the name of your handler. This is used in Debug implementations. The default is the type name of this handler. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.