putSession from ClientSessionT is not saving the session before the redirect happens

21 views
Skip to first unread message

Andrijan Jelovic

unread,
Apr 1, 2021, 10:39:15 PMApr 1
to HAppS
Hi,

I've been trying to update a session right before redirect.  I'm using reform on the login page to catch the login credentials.   I believe they are working and I get redirected to the home page, but before the redirect, I have a update to putSession to store the new credentials.   I'm also using the reform library to handle cross site forgery requests on the login page.:

Here's the code:

loginPage :: RouteT Sitemap (ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO))) Response
loginPage = 
  do 
     environmentArgs <- ask
     homeURL         <- showURL Home
     loginURL        <- showURL Login
     loginCSSURL     <- showURL $ CSS (CSSFilename "login.css")
     topBannerCSSURL <- fmap CSSUrl (showURL $ CSS (CSSFilename "topBanner.css"))
     formHTML        <- lift $ reform (form loginURL) "loginPage" (displayMessage homeURL) Nothing loginForm
     sessionData     <- mapRouteT getSessionData askRouteT  
     ok $ toResponse $
       H.html $ do
         H.head $ do
           H.title "Eureka Login"
           H.link H.! A.href  (fromString . Data.Text.unpack $ loginCSSURL) H.! A.rel "stylesheet" H.! A.type_ "text/css"
         H.body $ do
           loginBanner (eEnvironmentName environmentArgs) (eEnvironmentVersion environmentArgs) (fmap _username (Just sessionData)) topBannerCSSURL
           formHTML
           bottomBanner
           H.p $ toMarkup $ _count sessionData
  where
    displayMessage :: Text -> LoginData -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) H.Html
    displayMessage homeURL loginData = passwordMatchedResponse loginData
      where passwordMatchedResponse :: LoginData -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) H.Html
            passwordMatchedResponse (LoginData _ (Password "")) = loginFailed
            passwordMatchedResponse (LoginData (Username "") _) = loginFailed
            passwordMatchedResponse loginData = 
              do existingSession <- getSession
                 putSession $ SessionData (lUsername loginData) 34
                 seeOther homeURL "Loading home page" 
--              return $ appTemplate "Form validation result" [] $ renderLoginData loginData
    getSessionData :: ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) a -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) SessionData
    getSessionData _ = getSession

The session's username is not being saved in the session and so what my homepage returns is empty string on my receiving homepage

homePage :: RouteT Sitemap (ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO))) Response
homePage = 
  do environmentArgs <- ask
     topBannerCSSURL <- fmap CSSUrl (showURL $ CSS (CSSFilename "topBanner.css"))
     sessionData     <- mapRouteT getSessionData askRouteT
     ok $ toResponse $ homePageDesign environmentArgs sessionData topBannerCSSURL
  where homePageDesign :: EnvironmentArgs -> SessionData -> CSSUrl -> H.Html
        homePageDesign eArgs sessionData cssUrl = H.html $ do
                                                    H.head $ do
                                                      H.title "Home"
                                                    H.body $ do
                                                      loginBanner (eEnvironmentName eArgs) (eEnvironmentVersion eArgs) (Just (_username sessionData)) cssUrl
                                                      H.p $ toMarkup $ (_count sessionData)
        getSessionData :: ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) a 
                       -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) SessionData
        getSessionData _ = do sessionData <- getSession
                              putSession $ SessionData (_username sessionData) (_count sessionData + 1)
                              return sessionData            

I do know that the session is updating because multiple reloads on the homepage increments a counter variable I have on sessionData.   

I've used seeOther, movedPermanently, and tempRedirect, but they all don't appear to respect the putSession when I attempt to validate the credentials before redirecting.  
Reply all
Reply to author
Forward
0 new messages