yes, https://luminusweb.com/docs/profiles.html and I like to look at the diffs to get a feeling for what each profile does https://github.com/yogthos/luminusdiff/tree/master/src/luminusdiff

Thanks!

I’m interested to know this too

I am too

Two questions on this topic:

Should a login function set :identity on the request, or on the :session in the request?

Also, why does wrap-base call (dissoc :session) after wrap-defaults ?

> Should a login function set :identity on the request, or on the :session in the request? - request attributes live for the life of that request/response cycle - session attributes for the life of that session so if you put it on the request, the identity will be wiped once user participates in another request/response cycle. In the link below the secition ==Accessing the session== you can see some example session management. > Also, why does wrap-base call (dissoc :session) after wrap-defaults ? https://luminusweb.com/docs/sessions_cookies.html

(defn wrap-base [handler]
  (-> handler
      wrap-dev
      wrap-formats
      wrap-webjars
      (wrap-defaults
        (-> site-defaults
            (assoc-in [:security :anti-forgery] false)
            (dissoc :session)))
      wrap-flash
      wrap-session
      wrap-context
      wrap-internal-error))

@U010A2QSG9H Makes sense, I was probably confused by some incorrect code I was using as an example. I’m curious, though, if we can get the answer for the second question. Yours makes sense, though.

I think I figured it out. It's one of those details in the docs that you don't know is there until you happen across it. So, after authenticating, you want to set the :identity key on the session but then any handler called within wrap-authentication will have that value added to the request as well. So ultimately, it's in both places.