As you may know, AppHarbify is built with Nancy. One of the reasons I decided to build it in Nancy, other than the fact that Nancy is awesome, was that I wanted to put together a real project that can be used as an example of Nancy in action. All the code for AppHarbify is available on GitHub.
To go with that I am planning to put together some blog posts talking about various aspects of the code.
To start with I am looking at sessions.
Getting Started
Nancy ships with a single session provider implemented, CookieBasedSessions. You can of course add your own.
This provider stores the session, encrypted, in the users cookies. Which is really not too bad of a solution to get started. You are up and running with a single line of code added to your ApplicationStartup method in your Bootstrapper.
Once enabled, you can simply access the Session property on Request.
Request.Session["Key"]
Now you don’t want to store too much data in a cookie-based session like this, as every request is sending the data back across the wire. Also it is theoretically possible the encryption could be broken. Side note: You can control the encryption provider with an optional second parameter to .Enable(). If you do not, then a new key is generated each time the app starts, invalidating all existing sessions.
Testing
If you do any work with sessions, you are likely to need to test them eventually. While the mechanism is a bit awkward, it is essentially pretty easy. My preferred method is to attach an event to the .Before pipeline in your testing Bootstrapper that injects the required session into the request.
By adding this simple extension method and calling it on your Bootstrapper whenever you want to test a route that needs session information, you can very simply abstract away your real session storage mechanism without adding more layers of abstraction to your actual codebase.
Future
While AppHarbify is currently running along fine using these cookie based session, for the reasons I have stated above it is not ideal. So the plan is to write Redis based session mechanism and take advantage of the easily installed Redis add-on at AppHarbor. Of course this code will be open-source and released independently of AppHarbify as a nuget package. So watch out for that!
Nice write up! A couple of observations. You can (and probably should) setup the cryptoprovider stuff using the bootstrapper, that way it will be globally changed to not use the default one
ReplyDeleteWe have talked about supporting other types of storage mechanism, like Redis, Sql server etc for sessions, caching and so on.. perhaps this is something you'd be interesting in working with us on?
Thanks