#pedestal
2023-01-22
Chris Lester 20:01:48

I have a newbie Pedestal question around sessions. I am bringing a new service up and followed the service example using the middlewares/session (using cookies for brevity .. will move this to a cache/db later).

(let [key (random/bytes 16)
        _ (log/info :service-init {:session-key (.toString key)})
        session-interceptor (middlewares/session {:store (cookie/cookie-store {:key key})}) 
        common-interceptors [(body-params/body-params) http/html-body http/json-body]
        routes #{;; public apis
                 ["/login" :get [auth-login] :route-name :login]

                 ;; authenticated APIs:
                 ;;
                 ["/login-user" :get [auth-login-user util/html-render session-interceptor welcome-interceptor] :route-name :login-user]
                 ["/logout/" :get [auth-validate auth-logout] :route-name :logout]}

The auth-login-user is an interceptor that looks like this:

(interceptor/interceptor
 {:name ::code-exchange
  :enter (fn [{:keys [request session interceptors query-params path-params route] :as ctx}]
           ;; code exchange -> verify response -> verify token --> authenticated
           ;;
           (let [response (perform-code-exchange {:request request
                                                  :code-path code-path
                                                  :grant-type token-exchange
                                                  :m2m-config m2m
                                                  :jwk-endpoint jwk-endpoint
                                                  :token-endpoint token-endpoint
                                                  :redirect-uri redirect-uri
                                                  :required? required?})
                 auth-token (-> response :body (json/decode keyword) :access_token)]
             ;; copy over any existing session, then add the token to it
             (-> ctx
                 (assoc-in [:response :session] (get-in ctx [:request :session]))
                 (assoc-in [:response :session :auth-token] auth-token))))})

The session doesn't exist in the ctx, but I'm following the docs on middlewares/session to copy it over if it does. Testing the login-user redirect, I see a default cookie, but not one with the key provided. I also don't see any :session-key in the context map .. and associating a [:response :session] to the response map does not seem to add one. In fact, I'm not sure I understand how to get any modifications of the response map (for example, adding something to the [:response :request :header] map) to show up on the client side. Is there some obvious thing I'm missing, or a more complete example that I can use?

Chris Lester 21:01:11

Found the problem in my html-render interceptor. I should change the namespace name to avoid thinking it's ring util when I'm tired, I think. It was overwriting the response with the result from the html render.