Finds the user ID that is associated with an AuthenticityToken.
Finds the user ID that is associated with an AuthenticityToken. If Some[Id]
is returned, that is sufficient to
show that a user's session is valid.
The AuthenticityToken to verify.
The user ID associated with the AuthenticityToken within the IdContainer
, if there is one.
Otherwise, None
.
Delays the expiration of a session by a given duration.
Delays the expiration of a session by a given duration.
The AuthenticityToken of the session to prolong.
The new duration of the session. e.g. if there is 30 minutes left in a session, and a timeout of one hour is passed, the session will expire in one hour.
A successful Future
if the session was prolonged, or a failed Future
if the session isn't valid, or
some other error occurred.
Destroys the session identified by a given token.
Destroys the session identified by a given token.
The AuthenticityToken that is paired with the session to be destroyed.
A successful Future
if the session was destroyed, or a failed Future
if an error occurred.
Opens a new session for a user, and generates an AuthenticityToken that is paired with that user's ID.
Opens a new session for a user, and generates an AuthenticityToken that is paired with that user's ID.
The ID of the session the session will be created for.
How long the session will be valid before expiring in a stateful IdContainer
.
An AuthenticityToken to be given to the user to later verify their session is valid.
An
IdContainer
's job is to manage user sessions server-side. It is responsible for creating, destroying, validating, and prolonging existing sessions.The basic workflow is:
1.) A user ID is passed to start a new session, and the
IdContainer
gives the user an AuthenticityToken in return. 2.) The user presents the AuthenticityToken as evidence that they are authenticated, and theIdContainer
confirms the validity of the token. 3.) When presenting a valid AuthenticityToken, that token's session can be prolonged. 4.) When the user logs out, theIdContainer
will no longer recognize their token as valid.The type of the user's ID, which is a primary identifier of a session.