Session cookies + conversation ownership checks. Each browser gets a `stube_sid` cookie minted on first visit; that value is recorded on the conversation as `:conv/owner-token` when the cid is created. Subsequent requests for that cid are accepted only when the cookie matches the stored token. This is the single primitive, `authorized?`, that both the HTTP and halos handlers use.
`(authorized? req cid)`

True when the request's session cookie matches the cid's recorded owner-token, or when the conversation has no owner-token (legacy).
`(cookie-map {:keys [headers]})`

Parse the Cookie header into a `{name → value}` map.
`(ensure-session req)`

Return `[sid set-cookie-header-or-nil]`. The `Set-Cookie` value is only non-nil on the first request from a fresh browser.
`(forbidden-response)`

403 body sent when `authorized?` returns false.
`(request-session req)`

Return the `stube_sid` cookie value on the request, or nil.
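
A sketch of how the functions documented above fit together, added here as an example and not the library's own source. It assumes a Ring-style request map with lowercase header names and an in-memory `conversations` atom; the cookie attributes, the constant-time comparison and the rejection of unknown cids are choices of this sketch, not documented behaviour.

```clojure
(ns example.session-ownership
  (:require [clojure.string :as str])
  (:import (java.security MessageDigest SecureRandom)
           (java.util Base64)))

;; Constructed store standing in for wherever :conv/owner-token is persisted.
(def conversations
  (atom {"c-owned"  {:conv/owner-token "tok-alice"}
         "c-legacy" {}}))

(defn cookie-map [{:keys [headers]}]
  ;; Assumes Ring-style lowercase header names.
  (into {}
        (for [pair (str/split (get headers "cookie" "") #";\s*")
              :let [[k v] (str/split pair #"=" 2)]
              :when (and (seq k) v)]
          [(str/trim k) v])))

(defn request-session [req]
  ;; An empty cookie value is treated the same as no cookie.
  (not-empty (get (cookie-map req) "stube_sid")))

(defn ensure-session [req]
  (if-let [sid (request-session req)]
    [sid nil]
    (let [bs  (byte-array 16)
          _   (.nextBytes (SecureRandom.) bs)
          sid (.encodeToString (.withoutPadding (Base64/getUrlEncoder)) bs)]
      ;; Attributes are this sketch's assumption; the page does not list them.
      [sid (str "stube_sid=" sid "; Path=/; HttpOnly; Secure; SameSite=Lax")])))

(defn authorized? [req cid]
  (let [conv  (get @conversations cid)
        owner (:conv/owner-token conv)
        sid   (request-session req)]
    (cond
      (nil? conv)  false ; unknown cid: rejected here (sketch's choice)
      (nil? owner) true  ; legacy conversation: any caller who knows the cid passes
      (nil? sid)   false
      ;; Constant-time comparison of cookie value and stored token.
      :else (MessageDigest/isEqual (.getBytes ^String sid "UTF-8")
                                   (.getBytes ^String owner "UTF-8")))))

(comment
  ;; Constructed requests: owner, other browser, and a cookieless legacy hit.
  (authorized? {:headers {"cookie" "stube_sid=tok-alice"}} "c-owned")
  (authorized? {:headers {"cookie" "a=1; stube_sid=tok-bob"}} "c-owned")
  (authorized? {:headers {}} "c-legacy"))
```

The legacy branch is the one to audit: a conversation without an owner-token is protected only by the secrecy of its cid.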