Decodes session. Is used in

authenticate

directive which if successful provides user to inner route. authenticate }}} user to inner route.

Encodes session. Encoded session will be encrypted and set as cookie

SessionCookieName

Default implementation redirects to 'sign-in' uri

Authenticates user and provides authenticated user, updates session cookie. On failure executes

authFailureRoute

Authenticates user from session cookie

For session debugging, override to disable encryption but ensure session is cookie-compatible:

session.replace(",", "~").replace("\"", "'")

In that case, 'decryption' would be:

session.replace("~", ",").replace("'", "\"")

Extract session from session id cookie. If cookie does not exist throws rejection

Extracts user from session, returns some user if session cookie is found and can be decoded, however, session is not validated

Deletes session-id cookie if exists

Removes session info from request, used by org.wabase.DeferredControl to calculate stable request hash

On failed authentication sets requested-uri cookie if request has not been Ajax

Default implementation returns http Unauthorized with optional challenge

Default implementation redirects to uri value stored in cookie

RequestedUriCookieName

or if cookie is missing redirects to /

Signs in (logs in) user from http request. Can be implemented as Basic authentication, OAuth ...

Default implementation redirects to /

Signs out (logs out) user. Can do all necessary cleanup. Session cookie

SessionCookieName

is deleted by

signOut

directive. Default implementation does nothing. signOut }}}

String representation of user

Checks whether expiration time greater than current time and session ip and user agent matches with those of request