[Caml-list] ANN: ocaml-session

[Caml-list] ANN: ocaml-session

[Spiros Eliopoulos]

[-- Attachment #1: Type: text/plain, Size: 1093 bytes --]

Hey List,

I'm happy to announce the initial release of ocaml-session:

  https://github.com/inhabitedtype/ocaml-session

ocaml-session is an session manager that handles cookie headers and backend
storage for HTTP servers. The library supports CoHTTP and Webmachine; Async
and Lwt; and pluggable backing stores based on a functor interface.

The library ships with an in-memory backend (for development and testing)
and a postgresql-ocaml[0] based backend. One of the goals of the library is
to expand the number of persistent and ephemeral storage systems
(filesystem, memcache, redis, MySQL, etc.) that are available out of the
box so that it's easy to integrate into a user's existing infrastructure.
There is already an issue open to provide a PG'OCaml-based backend[1] if
that's more of your cup of tea in terms of postgresql libraries. Anybody
who would like to contribute that should claim the issue and have at it!

As always, issues and pull requests welcomed.

-Spiros E.

[0]: https://github.com/mmottl/postgresql-ocaml
[1]: https://github.com/inhabitedtype/ocaml-session/issues/1

[-- Attachment #2: Type: text/html, Size: 1772 bytes --]

Re: [Caml-list] ANN: ocaml-session

[François Bobot]

On 17/12/2015 19:51, Spiros Eliopoulos wrote:
> ocaml-session is an session manager that handles cookie headers and backend storage for HTTP
> servers. The library supports CoHTTP and Webmachine; Async and Lwt; and pluggable backing stores
> based on a functor interface.


I praise that you kept in your library the ability of CoHTTP to use different light-thread library, 
it helps smoothen the split in the community.

Does people know if there is similarly a functorized RPC library, that would help to go from one 
world to the other? I love Async_rpc, but I'm not able to see if one can separate the kernel of the 
Async_rpc protocol, so that it could be used with an Lwt backend.

-- 
François

Re: [Caml-list] ANN: ocaml-session

[Török Edwin]

On 12/17/2015 08:51 PM, Spiros Eliopoulos wrote:
> Hey List,
> 
> I'm happy to announce the initial release of ocaml-session:
> 
>   https://github.com/inhabitedtype/ocaml-session
> 
> ocaml-session is an session manager that handles cookie headers and backend storage for HTTP servers. The library supports CoHTTP and Webmachine; Async and Lwt; and pluggable backing stores based on a functor interface.

Nice!

> 
> The library ships with an in-memory backend (for development and testing) and a postgresql-ocaml[0] based backend.

How about signed cookies as a storage backend?
Python Flask and Django can use it to store session entirely in the cookies with an hmac signature and expiration time, so your server can be entirely stateless.
As long as the amount of data in your session is small, and all you need is authenticated data (and not secret data) I think its quite an elegant solution,
and more fitting with a functional style.

Now of course comes the question Cryptokit or nocrypto :)

[1] http://werkzeug.pocoo.org/docs/0.11/contrib/securecookie/
[2] https://docs.djangoproject.com/en/1.9/topics/http/sessions/
[3] http://pythonhosted.org/itsdangerous/


-- 
Edwin Török | Co-founder and Lead Developer

Skylable open-source object storage: reliable, fast, secure
http://www.skylable.com

Re: [Caml-list] ANN: ocaml-session

[Spiros Eliopoulos]

[-- Attachment #1: Type: text/plain, Size: 1000 bytes --]

On Fri, Dec 18, 2015 at 10:55 AM, Török Edwin <edwin+ml-ocaml@etorok.net>
wrote:

> >
> > The library ships with an in-memory backend (for development and
> testing) and a postgresql-ocaml[0] based backend.
>
> How about signed cookies as a storage backend?
> Python Flask and Django can use it to store session entirely in the
> cookies with an hmac signature and expiration time, so your server can be
> entirely stateless.
> As long as the amount of data in your session is small, and all you need
> is authenticated data (and not secret data) I think its quite an elegant
> solution,
> and more fitting with a functional style.
>

This is interesting. As far as I can tell, it should be possible to
implement this as a backend without any modifications to module signatures.

Now of course comes the question Cryptokit or nocrypto :)


That decision, for better or worse, has already been made by ocaml-session:
it uses nocrypto to generate session keys.

-Spiros E.

[-- Attachment #2: Type: text/html, Size: 1852 bytes --]

Re: [Caml-list] ANN: ocaml-session

[Bruno Deferrari]

[-- Attachment #1: Type: text/plain, Size: 2010 bytes --]

On Fri, Dec 18, 2015 at 12:55 PM, Török Edwin <edwin+ml-ocaml@etorok.net>
wrote:

> On 12/17/2015 08:51 PM, Spiros Eliopoulos wrote:
> > Hey List,
> >
> > I'm happy to announce the initial release of ocaml-session:
> >
> >   https://github.com/inhabitedtype/ocaml-session
> >
> > ocaml-session is an session manager that handles cookie headers and
> backend storage for HTTP servers. The library supports CoHTTP and
> Webmachine; Async and Lwt; and pluggable backing stores based on a functor
> interface.
>
> Nice!
>
> >
> > The library ships with an in-memory backend (for development and
> testing) and a postgresql-ocaml[0] based backend.
>
> How about signed cookies as a storage backend?
> Python Flask and Django can use it to store session entirely in the
> cookies with an hmac signature and expiration time, so your server can be
> entirely stateless.
> As long as the amount of data in your session is small, and all you need
> is authenticated data (and not secret data) I think its quite an elegant
> solution,
> and more fitting with a functional style.
>
> Now of course comes the question Cryptokit or nocrypto :)
>
> [1] http://werkzeug.pocoo.org/docs/0.11/contrib/securecookie/
> [2] https://docs.djangoproject.com/en/1.9/topics/http/sessions/
> [3] http://pythonhosted.org/itsdangerous/
>
>
Here is a basic implementation of something similar to itsdangerous I wrote
a few days ago for a project I'm working on, it uses nocrypto:

https://gist.github.com/tizoc/975bfac960d7e5c60232

With a bit of work it could become an opam package.


>
> --
> Edwin Török | Co-founder and Lead Developer
>
> Skylable open-source object storage: reliable, fast, secure
> http://www.skylable.com
>
> --
> Caml-list mailing list.  Subscription management and archives:
> https://sympa.inria.fr/sympa/arc/caml-list
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs
>



-- 
BD

[-- Attachment #2: Type: text/html, Size: 3759 bytes --]