Home
servant-auth-cookie adds support for cookie-based authentication to the servant framework. It was inspired by Michael Snoyman's library client-session and is based on ideas from the paper "A Secure Cookie Protocol" by Alex Liu et al. Session data is stored in cookies in encrypted form, so the client can neither read nor forge it.
The library comes with an example that uses most of the API. It may help you understand how to use the library.
To run the example, enable the flag build-examples and run the executable example:
cabal configure -f build-example -f servant91
cabal run example
(Note: it's recommended to use >= 0.9.1.* versions of servant, as more features will be enabled.)
This will launch a local server on port 8080. It's a simple three/four-page web site that shows the private page only if a correct cookie is presented. For valid accounts, see the usersDB list in example/AuthAPI.hs.
- Getting started
- Advanced configuration
- Server keys management
- Security considerations
- Protocol specification
- Hackage documentation
- "A Secure Cookie Protocol" paper by Alex Liu et al.
- client-session, a framework-agnostic Haskell library with similar concepts, by Michael Snoyman.
- Session::Storage::Secure, a Perl library with the same concepts, by David Golden.