A Rust implementation of Ruby's Rack::Session::Cookie encoding, compatible with Serde.

This crate only handles the encoding/decoding and message authentication, you'll have to manage setting the cookies and attributes with whichever http server or web framework you're using.

Given Rack::Session::Cookie setup in Ruby as such:

use Rack::Session::Cookie,
  coder: Rack::Session::Cookie::Base64::JSON,
  secret: "super secret",
  old_secret: "not so secret"

The Rust equivalent with this crate would be:

use rack_session::{Cookie, Base64, Json};

fn main() {
  let mut coder = Cookie::<Base64<Json>>::new("super secret");
  coder.add_read_key("not so secret");

  /// hand coder off to code handling cookies
}

This crate does not provide the option of omitting the secret parameter like the Ruby version does. It's not safe to use this style of client side session without the message authentication enabled when the secret is provided.

The Ruby Rack::Session::Cookie implements a number of 'coder' classes for serialising and deserialising the cookie value, the counterparts in this crate are as follows:

* impractical to actually use

Unfortunately there is not yet a Rust parser for Ruby's marshal format, so the default Base64::Marshal coder class can not be implemented.

use serde::{Deserialize, Serialize};

use rack_session::{Base64, Cookie, Id, Json};

#[derive(Debug, Deserialize, PartialEq, Serialize)]
struct Session {
    session_id: Id,
    user_id: Option<u64>,
    is_signed_in: bool,
}

fn main() {
    let cookie = Cookie::<Base64<Json>>::new("super secret");

    let session = Session {
        session_id: "ac762bf56f7360fc45701ff8373ed519c103762bf57bec09d5280659f59cb038".parse().unwrap(),
        user_id: Some(42),
        is_signed_in: true,
    };

    let encoded = cookie.to_string(&session).unwrap();

    let decoded = cookie.from_str::<Session>(&encoded).unwrap();

    assert_eq!(session, decoded);
}