This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-07-05
Channels
- # beginners (53)
- # boot (6)
- # braveandtrue (12)
- # cider (50)
- # cljs-dev (24)
- # clojure (60)
- # clojure-finland (1)
- # clojure-ireland (1)
- # clojure-italy (50)
- # clojure-kc (1)
- # clojure-nl (20)
- # clojure-norway (1)
- # clojure-portugal (1)
- # clojure-russia (2)
- # clojure-sanfrancisco (1)
- # clojure-sweden (1)
- # clojure-uk (176)
- # clojurescript (58)
- # cursive (14)
- # datomic (23)
- # emacs (4)
- # events (16)
- # fulcro (35)
- # graphql (48)
- # hyperfiddle (9)
- # jobs (5)
- # mount (4)
- # onyx (13)
- # overtone (1)
- # play-clj (2)
- # re-frame (91)
- # reagent (9)
- # reitit (9)
- # shadow-cljs (102)
- # sql (3)
- # testing (3)
- # tools-deps (3)
Does anyone have any good resources or blog posts that will walk me through cookie based sessions with Clojure and Compojure? I can find resources for cookies in compojure, I can find resources for sessions in clojure, I can't seem to find any resources specifically using cookies in compojure to make user sessions though. Search results are basically all JWT localstorage stuff, or not complete or detailed enough to be of use to me.
Really, I doubt my application is going to be used by very many people, but I hope you guys understand. My biggest fear is probably some innocent person's privacy being compromised because I didn't take the time to implement sessions properly and leaked their data or something, I'm not storing any personal info or anything, but I want to do it right and make my app look as professional as possible to help me find a job in Clojure.
@aliceare you looking to store all the session data in an encrypted client cookie, or just have like a session id in the cookie and store the session data server side?
@michael.gaare Leaving out the server feels cleaner, but then do I lose the ability to invalidate cookies and stuff? I'd ideally like to do it as by-the-book as possible and I feel like a server backed implementation is the way to go for that. (Unless your opinion is that I should go the other way)
If everything is client-side, you'd need to introduce some stateful system to handle cookie invalidation. Something like how client cert invalidation works, perhaps, where there's a revocation list. Anyway, I don't think there's any one "by-the-book" way to do authentication and session management. JWT is popular these days, and it's sort of a hybrid. You can stuff session data into the token so the server can be stateless, but it has built-in expiration and you'll need something that handles the issuing/renewal flow. There's some pretty good stuff for that here: https://github.com/funcool/buddy
I’ve been down the same Rabbit hole @alice and in the end, using a cookie to look up a database backed session is the simplest solution - if you control both front end and backend.
Database of course is optional, but you probably don’t want people being logged out when you restart the server, so...
@alice @mg You might also want to check out this article on the hazards of using JWT for auth http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
I'm having trouble getting the sample code at https://gist.github.com/philippkueng/11377226 to work. It's supposed to retrieve a photo from the web and save it to disk. If I do this, I get a response that looks OK:
(client/get "
But if I try to extract the byte-array from the map, it has length 0:
(count ((client/get "
I'm sure this is something dumb/simple, but I can't figure out what it is.
shouldnt that be (count (thing)) not (count ((thing))) or (count (get (thing) :body)) or (count (:body (thing)))
where (thing) = (client/get “https://upload.wikimedia.org/wikipedia/en/a/a9/Example.jpg” {:as :byte-array})
My profiles.clj file starts with: {:dev {:env {:env-name. I need to load it in CURSIVE REPL in order for me to be able to use (:env-name env) in my REPL testing. My ns declaration include: (:require [environ.core :refer [env]]
@somedude314 asking in #cursive might help you better
@rahul080327 sorry, I didn't notice that channel.
not a problem at all 🙂
@bherrmann I think that the get function returns a map, and that the :body key in the map contains a byte-array
@astrashe Yeah there’s something odd going on with that. I’ve tried a couple of things, and I keep getting empty bodies trying to GET images.
@astrashe I’m having more luck with {:as :stream}
- the resulting InputStream actually has data in it
is it possible to connect a repl to an already running instance of leiningen?
Quick question: How can I make #object[org.bson.types.ObjectId 0x4870b439 "5b3e6525babb8b41f0f63a62"]
into a Clojure type I can work with?
Hmm @mario.cordova.862 are you using a BSON encoding/decoding library?
it looks like you're working with a BSON object, how did you end up with one?
That's very different behavior... testing is returning the reference instead of the value
oh, the ID is in there actually, at the end...
um, i guess you could (str result) and do some manipulation on it, but honestly there is probably a cleaner way than string manipulating the reference obj
what is the discrepancy between your live/production version and your testing invokation if anything?
(ObjectId.) ?
what does (get-by-id "") do?
oh, nevermind, i see. good, i'm glad it works
Hi, how do I compile with Java 1.7 instead of Java 1.8 when my production box complains about a major/minor version mismatch?
there's a javac flag for this, and there's a way to set that in your project manager config https://stackoverflow.com/questions/15492948/javac-source-and-target-options
@mario.cordova.862 You can just call str on mongo ObjectIds
@orestis What do you mean by using them in a query? Because in order to query mongo it seems like they have to be in string format
That would be very surprising. Are you using monger? It definitely expects ids to be ObjectIds.