You are looking at historical revision 20897 of this page. It may differ significantly from its current revision.
http-session
http-session is an implementation of facilities for managing HTTP sessions of web applications.
Author
License
BSD
Requirements
Parameters and procedures
Parameters
[parameter] (session-table [session-table])
The session table. The default value returns an empty session table (first invocation) or the current session table (subsequent invocations). See the make-session-table procedure.
[parameter] (session-lifetime [number])
The lifetime of sessions in seconds. Default is 3600s (1h).
[parameter] (session-id-generator [procedure])
A zero-argument procedure which generates a random unique identifier for sessions. Defaults to a procedure which concatenates current-milliseconds with the process ID and a random number between 1000 and current-milliseconds and returns the SHA-1 digest of the result.
[parameter] (match-ip-address? [boolean])
Indicates whether http-session should match IP addresses to check if sessions are valid.
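The default generator described above hashes a timestamp, the process ID and a pseudo-random number; these are low-entropy inputs, and hashing them with SHA-1 does not make the result unpredictable. As an added example (not part of the egg or its documentation), session-id-generator can be set to draw identifiers from the operating system's CSPRNG before the server starts. It assumes CHICKEN 4 on a Unix-like system with /dev/urandom and that http-session treats the identifier as an opaque string; urandom-bytes and bytes->hex are hypothetical helper names.

```scheme
;; Added example, not code from the http-session egg.
;; Assumptions: CHICKEN 4, a Unix-like OS exposing /dev/urandom.
(use http-session extras)

;; Hypothetical helper: read exactly N bytes from the kernel CSPRNG.
;; Fails loudly instead of returning a short (weaker) value.
(define (urandom-bytes n)
  (let ((s (with-input-from-file "/dev/urandom"
             (lambda () (read-string n)))))
    (if (and (string? s) (= (string-length s) n))
        s
        (error "short read from /dev/urandom" n))))

;; Hypothetical helper: lowercase, zero-padded hex encoding of a byte string,
;; so the identifier is safe to place in a URL or cookie.
(define (bytes->hex s)
  (apply string-append
         (map (lambda (c)
                (let* ((b (char->integer c))
                       (h (number->string b 16)))
                  (if (< b 16) (string-append "0" h) h)))
              (string->list s))))

;; Replace the default generator: 32 random bytes = 256 bits per identifier.
(session-id-generator
 (lambda () (bytes->hex (urandom-bytes 32))))

;; Optional: also bind sessions to the client IP address. Per the version
;; history below, http-session ignores the client IP by default.
(match-ip-address? #t)

;; Sanity checks on the configured generator: 64 hex characters,
;; and two consecutive identifiers differ.
(let ((a ((session-id-generator)))
      (b ((session-id-generator))))
  (assert (= 64 (string-length a)))
  (assert (not (string=? a b))))
```

Set these parameters before calling start-server, in the same place the page's web server example sets file-extension-handlers.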
Procedures
[procedure] (session-create #!optional (bindings '()))
Creates a session and returns the session identifier.
The optional bindings argument is an alist '((symbol . value)...) of variable bindings valid for the generated session.
[procedure] (session-refresh! sid)
Refreshes the session identified by sid, that is, sets the lifetime of the session identified by sid to (session-lifetime).
[procedure] (session-valid? sid)
Returns #t if the session identified by sid is valid. Returns #f otherwise.
A session is valid if all of the following conditions are satisfied:
- There is a session identifier equal to sid in the session table
- The session lifetime corresponding to the session identified by sid is greater than zero
- When match-ip-address? is not #f, the IP address corresponding to the session identified by sid matches the IP address of the client
[procedure] (session-destroy! sid)
Destroys the session identified by sid.
[procedure] (session-ref sid var #!optional default)
Returns the value corresponding to VAR from the bindings alist of the session identified by sid. If the binding does not exist, DEFAULT is returned.
[procedure] (session-set! sid var val)
Sets a value VAL for the VAR symbol in the bindings alist for the session identified by sid. If the symbol does not exist in the bindings alist, it is added to it.
[procedure] (session-del! sid var)
Deletes the VAR symbol and its corresponding value from the bindings alist of the session identified by sid.
[procedure] (session-bindings sid)
Returns an alist '((variable . value) ... ) representing the bindings of the session identified by sid.
[procedure] (make-session-table)
Returns an empty session table.
[procedure] (session-set-finalizer! sid proc)
Sets a finalizer procedure (proc) for the session identified by sid. proc is a one-argument procedure which receives the session identifier as its argument and is executed right before the session is destroyed.
Example
Web server
(use spiffy web-scheme-handler http-session html-tags html-utils spiffy-request-vars)

(file-extension-handlers `(("ws" . ,web-scheme-handler)))

(start-server)
index.ws
(define (page:next sid)
  (html-page
   (string-append
    (<h1> (let ((n (add1 (session-ref sid 'n 0))))
            (session-set! sid 'n n)
            (number->string n)))
    (<a> href: (string-append "?sid=" sid) "Next"))))

(let ((sid ((request-vars) 'sid)))
  (if sid
      (if (session-valid? sid)
          (begin
            (session-refresh! sid)
            (page:next sid))
          (html-page "Invalid session."))
      (let ((sid (session-create)))
        (page:next sid))))
Version History
- 2.4
- Bug fix for session-id-generator in long-running processes. The current-milliseconds value overflows the exact number limit in long-lived processes, so inexact->exact failed. Updating to this version is highly recommended.
- 2.3
- Dropped requirement for regex
- 2.2
- Handle the inexactness of current-milliseconds on chickens >= 4.6.0
- 2.1
- Added the session-set-finalizer! procedure (by Moritz Heidkamp)
- 2.0
- Some major changes
- make-session-table is now exported (it was make-table internally).
- current-url and current-ip are gone
- session-create doesn't use the url-pattern argument anymore (the session-table can be parameterized for separating web applications)
- added match-ip-address? parameter. By default, http-session ignores the IP address of the client when checking whether the session is valid. If match-ip-address? is #t, it will take the IP address into account.
- Deprecated procedures: session-delete-binding! and session-delete!
- New procedures: session-del! (to substitute session-delete-binding!) and session-destroy! (to substitute session-delete!)
- 1.2.3
- Added parameters to export list again
- 1.2.2
- Ported to Chicken 4
- 1.2
- added http-session:bindings, bug fix for http-session:set!.
- 1.1
- bug fix
- 1.0
- initial release