From e9ff1280d78fafeefd5791089bb59647e7c2e754 Mon Sep 17 00:00:00 2001 From: Simon Michael Date: Fri, 29 Dec 2017 10:53:41 -0800 Subject: [PATCH] web: don't write a session file at startup The .hledger-web_client_session_key.aes file written at startup is cluttersome and means hledger-web can only be started from a writable directory. What do we lose if I disable it ? https://hackage.haskell.org/package/yesod-core-1.4.33/docs/Yesod-Core.html#v:makeSessionBackend says "Default: Uses clientsession with a 2 hour timeout." http://hackage.haskell.org/package/clientsession-0.9.1.2 says "Securely store session data in a client-side cookie." I think: hledger-web saves (eg) the state of the sidebar as session data, in a cookie, and my web browser saves that locally. And this still seems to work, across server restarts. So what's the purpose of saving this "client session" file on the server ? Let's disable it and find out. --- hledger-web/Foundation.hs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/hledger-web/Foundation.hs b/hledger-web/Foundation.hs index 59e60ec6f..90bc5d913 100644 --- a/hledger-web/Foundation.hs +++ b/hledger-web/Foundation.hs @@ -100,11 +100,13 @@ type Form x = Html -> MForm (HandlerT App IO) (FormResult x, Widget) instance Yesod App where approot = ApprootMaster $ appRoot . settings - -- Store session data on the client in encrypted cookies, - -- default session idle timeout is 120 minutes - makeSessionBackend _ = fmap Just $ defaultClientSessionBackend - (120 * 60) - ".hledger-web_client_session_key.aes" +-- -- Store session data on the client in encrypted cookies, +-- -- default session idle timeout is 120 minutes +-- makeSessionBackend _ = fmap Just $ defaultClientSessionBackend +-- (120 * 60) +-- ".hledger-web_client_session_key.aes" + -- don't use session data + makeSessionBackend _ = return Nothing defaultLayout widget = do master <- getYesod
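Review bot: the new `makeSessionBackend _ = return Nothing` at the end of the `instance Yesod App` hunk turns sessions off entirely instead of only avoiding the key file. The commit message says hledger-web keeps state such as the sidebar in session data, so that state can no longer be stored once this is merged. The file being removed holds the key clientsession uses to encrypt and authenticate the session cookie. It is persisted so that cookies issued before a restart can still be read afterwards. If the aim is only to avoid writing into the start directory, consider keeping a session backend and either moving the key path to a per-user data directory or generating the key in memory at startup, which costs only session continuity across restarts. The hunk header shows the app defines a `Form` type, so before merging please confirm that form handling, including any token check tied to the session, and any flash messages still behave as intended with no session. As a style point, delete the five commented-out `-- --` lines rather than leaving them at column 0 inside the instance. The history already records the old definition, and the comment `-- don't use session data` would be more useful if it said why.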