On Fri, Dec 18, 2015 at 12:55 PM, Török Edwin wrote: > On 12/17/2015 08:51 PM, Spiros Eliopoulos wrote: > > Hey List, > > > > I'm happy to announce the initial release of ocaml-session: > > > > https://github.com/inhabitedtype/ocaml-session > > > > ocaml-session is an session manager that handles cookie headers and > backend storage for HTTP servers. The library supports CoHTTP and > Webmachine; Async and Lwt; and pluggable backing stores based on a functor > interface. > > Nice! > > > > > The library ships with an in-memory backend (for development and > testing) and a postgresql-ocaml[0] based backend. > > How about signed cookies as a storage backend? > Python Flask and Django can use it to store session entirely in the > cookies with an hmac signature and expiration time, so your server can be > entirely stateless. > As long as the amount of data in your session is small, and all you need > is authenticated data (and not secret data) I think its quite an elegant > solution, > and more fitting with a functional style. > > Now of course comes the question Cryptokit or nocrypto :) > > [1] http://werkzeug.pocoo.org/docs/0.11/contrib/securecookie/ > [2] https://docs.djangoproject.com/en/1.9/topics/http/sessions/ > [3] http://pythonhosted.org/itsdangerous/ > > Here is a basic implementation of something similar to itsdangerous I wrote a few days ago for a project I'm working on, it uses nocrypto: https://gist.github.com/tizoc/975bfac960d7e5c60232 With a bit of work it could become an opam package. > > -- > Edwin Török | Co-founder and Lead Developer > > Skylable open-source object storage: reliable, fast, secure > http://www.skylable.com > > -- > Caml-list mailing list. Subscription management and archives: > https://sympa.inria.fr/sympa/arc/caml-list > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs > -- BD