How do I "remove" a session?

[abailly]

There is a comment hinting at some way to do that:

----------------------------------------------------------------------------
-- Add/remove session

-- | Add cookie header to response. The function can throw the same
-- exceptions as 'encryptSession'.
addSession

but no corresponding function.

[ThomasCrevoisier]

Hey @abailly,

I'm currently using removeSession but struggle with it. Do you have a code sample to see how you integrate it in a Servant app ?

[abailly]

Hello,
Here is a place where I use it in my code:

doLogout :: AuthCookieSettings -> UserAccount -> m ()
doLogout settings _ = lift (removeSession settings ())

It's very simple actually... The tricky part is to understand where the session comes from.

[ThomasCrevoisier]

@abailly Thanks for your reply !

My api is defined like this

"api" :> "logout" :> AuthProtect "cookie-auth" :> Get '[JSON] (Headers '[Header "Set-Cookie" ByteString] ())

And for the moment the handler looks like yours : logoutServer _ = removeSession settings ()

Though, I've got this error :

No instance for (ToHttpApiData ByteString)
        arising from a use of ‘removeSession’

And I don't quite understand where the problem is 🤔

[abailly]

I have similar code and it works like a charm, except the action is POST and not a GET. For each AuthProtect a you have to define which type is computed by type family AuthServerData, e.g. :

type instance AuthServerData (AuthProtect "cookie-auth") =  X

it might be that X leads to some type which requires implementation of ToHttpApiData ?

[ThomasCrevoisier]

I was inspired by what's in the example/ folder so I didn't had to write type instance AuthServerData ... until now.

Here is the code if you have the time to take a quick look (sorry it's a bit drafty...)

[abailly]

It compiles OK here... Might be a version problem?

[ThomasCrevoisier]

Arf, damned >.< Which stackage resolver are you using ?

[abailly]

7.10

…

-- Arnaud Bailly twitter: abailly skype: arnaud-bailly linkedin: http://fr.linkedin.com/in/arnaudbailly/

On Fri, Jan 13, 2017 at 10:30 PM, Thomas Crevoisier < ***@***.***> wrote: Arf, damned >.< Which resolver are you using ? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#22 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AACdHTOYf6-Io_P1grZVS-q9343BGgduks5rR4qCgaJpZM4K8OI8> .

[ThomasCrevoisier]

Do you point directly to the github repo of servant-auth-cookie ? I don't find the version 4.2 in this snapshot

[abailly]

hmm, yes.

…

-- Arnaud Bailly twitter: abailly skype: arnaud-bailly linkedin: http://fr.linkedin.com/in/arnaudbailly/

On Fri, Jan 13, 2017 at 10:36 PM, Thomas Crevoisier < ***@***.***> wrote: Do you point directly to the github repo of servant-auth-cookie ? I don't find the version 4.2 in this snapshot <https://www.stackage.org/haddock/lts-7.10/servant-auth-cookie-0.3.2/Servant-Server-Experimental-Auth-Cookie.html> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#22 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AACdHTTfrWLoiz0LQSHsV7AE0aZvrQOuks5rR4vXgaJpZM4K8OI8> .

[ThomasCrevoisier]

Could you share your stack.yaml please ? ^^

[abailly]

It's really simple: resolver: lts-7.10 packages: - 'assets' # temporary reference to 3rdpaerty libraries # TODO remove once library is published - servant-auth-cookie - system-extra - hdo # propellor needs patching to handle remote execution without local commits - propellor extra-deps: - hjson-1.3.2 - http-client-0.4.31.2 I think the problem comes from the version: I use a version from my fork as a submodule and it is not uptodate with HEAD.

…

-- Arnaud Bailly twitter: abailly skype: arnaud-bailly linkedin: http://fr.linkedin.com/in/arnaudbailly/

On Fri, Jan 13, 2017 at 11:06 PM, Thomas Crevoisier < ***@***.***> wrote: Could you share your stack.yaml please ? ^^ — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#22 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AACdHTZ28gf1YjEPvZUY60Zp93e8zdzwks5rR5L9gaJpZM4K8OI8> .