You are looking at historical revision 25103 of this page. It may differ significantly from its current revision.

• egg

http-session

Introduction

http-session is an implementation of facilities for managing HTTP sessions of web applications.

Author

Mario Domenech Goulart

Requirements

simple-sha1, spiffy

Parameters and procedures

Parameters

session-table

[parameter] (session-table [session-table])

The session table. The default value is an empty session table (first invocation) or the currently session table (subsequent invocations). See the make-session-table procedure.

session-lifetime

[parameter] (session-lifetime [number])

The lifetime of sessions in seconds. Default is 3600s (1h).

session-id-generator

[parameter] (session-id-generator [procedure])

A zero argument procedure which generates a random unique identifier for sessions. Defaults to a procedure which concatenates current-milliseconds with the process ID and a random number between 0 and 1000 plus the current-process-id and returns its SHA-1 digest.

match-ip-address?

[parameter] (match-ip-address? [boolean])

Indicates whether http-session should match IP addresses to check if sessions are valid.

Procedures

session-create

[procedure] (session-create #!optional (bindings '()))

Creates a session and returns the session identifier.

The optional bindings argument is an alist '((symbol . value)...) of variable bindings valid for the generated session.

session-refresh!

[procedure] (session-refresh! sid)

Refreshes the session identified by sid, that is, sets the lifetime of the session identified by sid to (session-lifetime).

session-valid?

[procedure] (session-valid? sid)

Returns #t if the session identified by sid is valid. Returns #f otherwise.

A session is valid if (all items should be satisfied):

• There is a session identifier equal to sid in the session table
• The session lifetime corresponding to the session identified by sid is greater than zero
• When match-ip-address? is not #f, the IP number corresponding to the session identified by sid matches the IP number of the client

session-destroy!

[procedure] (session-destroy! sid)

Destroys the session identified by sid.

session-ref

[procedure] (session-ref sid var #!optional default)

Returns the value corresponding to VAR from the bindings alist of the session identified by sid. If the binding does not exist, DEFAULT is returned.

session-set!

[procedure] (session-set! sid var val)

Sets a value VAL for the VAR symbol in the bindings alist for the session identified by sid. If the symbol does not exist in the bindings alist, it is added to it.

session-del!

[procedure] (session-del! sid var)

Deletes the VAR symbol and its corresponding value from the bindings alist of the session identified by sid.

session-bindings

[procedure] (session-bindings sid)

Returns an alist '((variable . value) ... ) representing the bindings of the session identified by sid.

make-session-table

[procedure] (make-session-table)

Returns an empty session table.

session-set-finalizer!

[procedure] (session-set-finalizer! sid proc)

Sets a finalizer procedure (proc) for the session identified by sid. proc is an one-argument procedure which receives the session identifier as argument and is executed right before the session is destroyed.

Example

Web server

(use spiffy web-scheme-handler http-session html-tags html-utils spiffy-request-vars)
(file-extension-handlers `(("ws" . ,web-scheme-handler)))
(start-server)

index.ws

(define (page:next sid)
  (html-page
   (string-append
    (<h1> (let ((n (add1 (session-ref sid 'n 0))))
            (session-set! sid 'n n)
            (number->string n)))
    (<a> href: (string-append "?sid=" sid) "Next"))))

(let ((sid ((request-vars) 'sid)))
  (if sid
      (if (session-valid? sid)
          (begin (session-refresh! sid)
                 (page:next sid))
          (html-page "Invalid session."))
      (let ((sid (session-create)))
        (page:next sid))))

License

BSD

Version History

Version 2.5

• Replaced sha1 by simple-sha1 as dependency.

Version 2.4

• Bug fix for session-id-generator for long duration processes. The current-milliseconds value overflows the exact numbers limit for long lived process, so inexact->exact failed. Updating to this version is highly recommended.

Version 2.3

• Dropped requirement for regex

Version 2.2

• Handle the inexactness of current-milliseconds on chickens >= 4.6.0

Version 2.1

• Added the session-set-finalizer! procedure (by Moritz Heidkamp)

Version 2.0

• Some major changes
• make-session-table is now exported (it was make-table internally).
• current-url and current-ip are gone
• session-create doesn't use the url-pattern argument anymore (the session-table can be parameterized for separating web applications)
• added match-ip-address? parameter. By default, http-session ignores the IP address of the client when checking whether the session is valid. If match-ip-address? is #t, it will take the IP address into account.
• Deprecated procedures: session-delete-binding! and session-delete!
• New procedures: session-del! (to substitute session-delete-binding!) and session-destroy! (to substitute session-delete!)

Version 1.2.3

• Added parameters to export list again

Version 1.2.2

• Ported to Chicken 4

Version 1.2

• Added http-session:bindings, bug fix for http-session:set!.

Version 1.1

• Bug fix

Version 1.0

• Initial release