Set default session store as cookie store

weavejester · weavejester · commit 546ac8dcebb1 · 2023-09-08T20:26:21.000+01:00
Fixes #34.
diff --git a/src/ring/middleware/defaults.clj b/src/ring/middleware/defaults.clj
@@ -3,6 +3,7 @@
   (:require [ring.middleware.x-headers :as x]
             [ring.middleware.flash :refer [wrap-flash]]
             [ring.middleware.session :refer [wrap-session]]
+            [ring.middleware.session.cookie :refer [cookie-store]]
             [ring.middleware.keyword-params :refer [wrap-keyword-params]]
             [ring.middleware.nested-params :refer [wrap-nested-params]]
             [ring.middleware.anti-forgery :refer [wrap-anti-forgery]]
@@ -18,6 +19,8 @@
             [ring.middleware.ssl :refer [wrap-ssl-redirect wrap-hsts wrap-forwarded-scheme]]
             [ring.middleware.proxy-headers :refer [wrap-forwarded-remote-addr]]))
 
+(def default-session-store (cookie-store))
+
 (def api-defaults
   "A default configuration for a HTTP API."
   {:params    {:urlencoded true
@@ -42,7 +45,8 @@
                :keywordize true}
    :cookies   true
    :session   {:flash true
-               :cookie-attrs {:http-only true}}
+               :cookie-attrs {:http-only true}
+               :store default-session-store}
    :security  {:anti-forgery   true
                :frame-options  :sameorigin
                :content-type-options :nosniff}
diff --git a/test/ring/middleware/defaults_test.clj b/test/ring/middleware/defaults_test.clj
@@ -31,6 +31,20 @@
         (is (.startsWith set-cookie "ring-session="))
         (is (.contains set-cookie "HttpOnly")))))
 
+  (testing "cookie round trip"
+    (let [handler (-> (fn [{:keys [session]}]
+                        (-> (response (str (:x session 1)))
+                            (assoc :session (update session :x (fnil inc 1)))))
+                      (wrap-defaults site-defaults))
+          resp1   (handler (request :get "/"))]
+      (is (= "1" (:body resp1)))
+      (let [cookie (->> (get-in resp1 [:headers "Set-Cookie"])
+                        (first)
+                        (re-find #"^ring-session=.*?;"))
+            resp2  (handler (-> (request :get "/")
+                                (header "Cookie" cookie)))]
+        (is (= "2" (:body resp2))))))
+
   (testing "default charset"
     (let [handler (-> (constantly (-> (response "foo") (content-type "text/plain")))
                       (wrap-defaults site-defaults))
