This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-07-31
Channels
- # announcements (4)
- # aws-lambda (1)
- # babashka (25)
- # beginners (60)
- # calva (33)
- # cider (15)
- # cljdoc (1)
- # clojure (28)
- # clojure-dev (1)
- # clojure-europe (4)
- # clojurescript (29)
- # clojureverse-ops (4)
- # conjure (10)
- # datomic (4)
- # graalvm (4)
- # holy-lambda (4)
- # honeysql (13)
- # introduce-yourself (1)
- # lambdaisland (1)
- # missionary (11)
- # music (2)
- # off-topic (35)
- # pathom (17)
- # pedestal (20)
- # reagent (3)
- # sci (10)
- # shadow-cljs (39)
- # sql (6)
- # tools-deps (6)
- # vim (1)
Can someone please explain the back tick notation in pedestal routes definition...? e.g.
(def routes
(let [session-interceptor (middlewares/session {:store (cookie/cookie-store)})]
(route/expand-routes
[[["/" {:get `intro-form}]
["/introduce" ^:interceptors [(body-params/body-params)
middlewares/params
middlewares/keyword-params
session-interceptor]
{:post `introduction}]
["/hello" ^:interceptors [session-interceptor]
{:get `hello}]]])))
backtick isn't a pedestal thing
backtick is a clojure thing
it's the "quasiquote" operation
when you write intor-form
, it evaluates to an object, usually something like #object[...$intro_form ...]
When you do a quasiquote, it returns the symbol
you can replace
{:get `intro-form}
with
{:get (symbol "current-namespace" "intro-form")}
cool Many Thanks for the explanation!
Another noob question: I am trying to replicate the pedestal sample for session management using cookies from official http://pedestal.io . The code can be found https://github.com/pedestal/pedestal/tree/master/samples/ring-middleware. The code works great for me. But now I want to make sure that nobody can end up being asked to tell their names again once they've already done so... So I made the following modifications:
(defn intro-form
"Prompt a user for their name, then remember it"
[req]
(if (empty? (get-in req [:session :name]))
(html-response
(slurp (io/resource "hello-form.html")))
(ring-resp/redirect "/hello")))
and
(def routes
(let [session-interceptor (middlewares/session {:store (cookie/cookie-store)})]
(route/expand-routes
[[["/" ^:interceptors [session-interceptor] {:get `intro-form}]
["/introduce" ^:interceptors [(body-params/body-params)
middlewares/params
middlewares/keyword-params
session-interceptor]
{:post `introduction}]
["/hello" ^:interceptors [session-interceptor]
{:get `hello}]]])))
Now this has the desired effect. Such that once I've logged in... (so to speak) I can't go back to the login page. The problem is however that I can't create a new session even when I am opening new tabs/windows in chrome... I am sure I am missing something silly. Any help will be much appreciated!!
How can I create different cookies for different tabs...?No, you can not create a cookie for each tab. it's a web/browser issue, not a server/pedestal issue. To make behaviors like this, you will end up doing a SPA or at least, some JS code
Apologies, I am not only new to clojure/script but also web development. So a complete noob!! How is this usually handled in real life...? Any pointers... would be much appreciated!! Thanks for the quick response too!!
IMHO, its simply not handled. Why do you want to deliver different contents to different tabs?
its like setting up a session for each request... If a new tab is opened, then this is a unique request
So if somebody has used the first tab to login... say... when the same person opens the new tab... he should not be considered logged in.. right from the beginning...
or am I being pedantic... (which is quite possible ... 😁)
isn't that how it works?
like in banks websites...
My pedanticometer is telling me that I am dangerously close to being pedantic now...
Well. Maybe in traditional banks do that. But if they can, they will add a metal detector in the login and close the agency (website) at 5PM too. I would not use tradicional banks as a reference of good website experience. I would say that most of the websites that require login in a new tab do that as a "side effect", not as a intended behavior. In the way where browsers work, they implement security, sessions, storages, etc.. You can say "well, I don't trust browser security". In these case, you can do a not-website (app or something like). But use a browser, skip its default behavior and reimplement your own security policies, IMHO, is the worst combination. PS.: I'm not feeling that you are pedantic 🙂
Thanks for that!! I'll do some research on some sites that I know to understand how this login behaviour actually works... maybe I've got it wrong in my head. I am not only new to clojure but also web development. So I keep getting surprised by the usual and sundry. Thanks again!!