{"id":23613673,"url":"https://github.com/freckle/yesod-session-persist","last_synced_at":"2025-08-30T18:31:37.376Z","repository":{"id":216208235,"uuid":"740733627","full_name":"freckle/yesod-session-persist","owner":"freckle","description":"Persistent-backed sessions for Yesod","archived":false,"fork":false,"pushed_at":"2024-12-12T19:53:28.000Z","size":165,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-12-12T20:39:38.541Z","etag":null,"topics":["terraform-managed"],"latest_commit_sha":null,"homepage":"","language":"Haskell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/freckle.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-09T00:29:15.000Z","updated_at":"2024-09-24T19:51:53.000Z","dependencies_parsed_at":"2024-02-23T22:32:40.856Z","dependency_job_id":"f4cf0be0-cf72-4884-ba1c-709c1e2a87f0","html_url":"https://github.com/freckle/yesod-session-persist","commit_stats":null,"previous_names":["freckle/yesod-sql-session","freckle/yesod-session-persist"],"tags_count":3,"template":false,"template_full_name":"freckle/haskell-library-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freckle%2Fyesod-session-persist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freckle%2Fyesod-session-persist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freckle%2Fyesod-session-persist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freckle%2Fyesod-session-persist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/freckle","download_url":"https://codeload.github.com/freckle/yesod-session-persist/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231515581,"owners_count":18388480,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["terraform-managed"],"created_at":"2024-12-27T17:18:40.746Z","updated_at":"2024-12-27T17:18:41.312Z","avatar_url":"https://github.com/freckle.png","language":"Haskell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# yesod-session-persist\n\n[![Hackage](https://img.shields.io/hackage/v/yesod-session-persist.svg?style=flat)](https://hackage.haskell.org/package/yesod-session-persist)\n[![CI](https://github.com/freckle/yesod-session-persist/actions/workflows/ci.yml/badge.svg)](https://github.com/freckle/yesod-session-persist/actions/workflows/ci.yml)\n\nUse this package to construct a Yesod session backend for which sessions are\nstored in a backend data store.\n\n## Features\n\n### Key rotation\n\nThe key reason to switch from client-side sessions (Yesod's default) to server storage\nis to be able to rotate keys and invalidate old credentials.\n\nWith client session storage, when a user logs out, you send them a new cookie.\nBut this does nothing to satisfy a user who is logging out because their session secret may\nhave been compromised; the old cookie value will still be a working authentication credential.\nBeing able to _revoke_ authentication credentials requires storing state on the server.\n\nWhenever user's authentication changes (but especially on logging out), users of this library\nshould use the `rotateSessionKey` action to provoke a key rotation.\nThis copies any existing session data into a new session with a different secret key,\ndeleting the session with the old key and thus disabling any outdated credentials that\nan attacker may possess.\n\n### Disabling session changes\n\nThere may be some unusual circumstances in which you want to disable the effects of session\nmanagement -- writes to the session backend and sending of session cookies -- for the\nhandling of a particular request.\nAt such times, you can use the `assignSessionFreeze` action to indicate whether the\nsession should be persisted at the end of the handling of the request.\n\n### Expiration by idle timeout\n\nThe most recent access time of each session is stored. After a configurable duration has\nelapsed without access, a session is considered to be expired. An expired session is treated\nas if it did not exist.\n\n### Expiration by absolute timeout\n\nThe creation time of each session is stored. After a configurable duration has elapsed since\nthe creation time, a session is considered to be expired, regardless of whether it is still\nin active use.\n\n### Approximate storage of access time\n\nTo avoid excessive database writes, updates which would only increment a session's access\ntime by a short duration are not performed.\nThe definition of \"a short duration\" is configurable; we call it the _timeout resolution_.\n\n## Absent features\n\n### Garbage collection\n\nGarbage collection is supported when using `memcache` as the data store. Please see 'Yesod.Session.Memcache.Storage.SessionPersistence'.\n\nThe `Yesod.Session.Persist` module _does not_ does not proactively seek out expired sessions for deletion. Thus, in the absence of some other intervention, your session table will grow without bound.\n\n## Prior art\n\n### `serversession`\n\nThis package is based on\n[serversession](https://hackage.haskell.org/package/serversession) +\n[serversession-frontend-yesod](https://hackage.haskell.org/package/serversession-frontend-yesod) +\n[serversession-backend-persistent](https://hackage.haskell.org/package/serversession-backend-persistent).\n\nCompared to `serversession`, here we simplify somewhat by concretizing to Yesod and\nPersistent rather than supporting multiple frontends and backends.\n\nTheir sessions have a concept of \"auth ID\" specifying who is logged in.\n`serversession` uses this to automatically rotate keys when the auth ID changes, and\nto provide a means for mass invalidation of all the sessions belonging to a particular user.\nWe do not borrow this concept, because it does not generalize well to more complex\nauthentication situations where a session may have been authenticated as multiple principals.\n\n---\n\n[CHANGELOG](./CHANGELOG.md) | [LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffreckle%2Fyesod-session-persist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffreckle%2Fyesod-session-persist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffreckle%2Fyesod-session-persist/lists"}