Simple, extensible session library for Rocket applications.
- Secure: Session cookies are encrypted using Rocket's built-in private cookies
- Flexible: Use a custom struct or HashMap as your session data. Multiple storage providers available, as well as support for custom storage implementations.
- Efficient: Uses Rocket's request-local cache to minimize backend calls
Add to your Cargo.toml:
[dependencies]
rocket = "0.5"
rocket-flex-session = { version = "0.2" }Basic usage:
use rocket::routes;
use rocket_flex_session::{Session, RocketFlexSession};
#[derive(Clone)]
struct MySession {
user_id: String,
}
#[rocket::launch]
fn rocket() -> _ {
rocket::build()
.attach(RocketFlexSession::<MySession>::default())
.mount("/", routes![login])
}
#[rocket::post("/login")]
async fn login(mut session: Session<MySession>) {
session.set(MySession { user_id: "123".to_owned() });
}- Memory (default) - In-memory storage, for local development
- Cookie - Client-side encrypted cookies, serialized using serde (
cookiefeature) - Redis - Redis-backed sessions via the fred crate (
redis_fredfeature) - SQL Database - Postgres and SQLite-backed sessions via sqlx (
sqlx_postgresandsqlx_sqlitefeatures) - Custom - Custom storage possible by implementing the
SessionStoragetrait
Build authentication and authorization layers using Rocket's request guard system:
#[rocket::async_trait]
impl<'r> FromRequest<'r> for MySession {
type Error = &'r str;
async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let session = req.guard::<Session<MySession>>().await.expect("should not fail");
match session.get() {
Some(data) => Outcome::Success(data),
None => Outcome::Error((Status::Unauthorized, "Not logged in")),
}
}
}See the full documentation for detailed usage examples, configuration options, and common patterns.
This project is licensed under the MIT license.