Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

putSession from ClientSessionT is not saving the session before the redirect happens

25 views
Skip to first unread message

Andrijan Jelovic

unread,
Apr 1, 2021, 10:39:15 PM4/1/21
to HAppS
Hi,

I've been trying to update a session right before redirect.  I'm using reform on the login page to catch the login credentials.   I believe they are working and I get redirected to the home page, but before the redirect, I have a update to putSession to store the new credentials.   I'm also using the reform library to handle cross site forgery requests on the login page.:

Here's the code:

loginPage :: RouteT Sitemap (ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO))) Response
loginPage = 
  do 
     environmentArgs <- ask
     homeURL         <- showURL Home
     loginURL        <- showURL Login
     loginCSSURL     <- showURL $ CSS (CSSFilename "login.css")
     topBannerCSSURL <- fmap CSSUrl (showURL $ CSS (CSSFilename "topBanner.css"))
     formHTML        <- lift $ reform (form loginURL) "loginPage" (displayMessage homeURL) Nothing loginForm
     sessionData     <- mapRouteT getSessionData askRouteT  
     ok $ toResponse $
       H.html $ do
         H.head $ do
           H.title "Eureka Login"
           H.link H.! A.href  (fromString . Data.Text.unpack $ loginCSSURL) H.! A.rel "stylesheet" H.! A.type_ "text/css"
         H.body $ do
           loginBanner (eEnvironmentName environmentArgs) (eEnvironmentVersion environmentArgs) (fmap _username (Just sessionData)) topBannerCSSURL
           formHTML
           bottomBanner
           H.p $ toMarkup $ _count sessionData
  where
    displayMessage :: Text -> LoginData -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) H.Html
    displayMessage homeURL loginData = passwordMatchedResponse loginData
      where passwordMatchedResponse :: LoginData -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) H.Html
            passwordMatchedResponse (LoginData _ (Password "")) = loginFailed
            passwordMatchedResponse (LoginData (Username "") _) = loginFailed
            passwordMatchedResponse loginData = 
              do existingSession <- getSession
                 putSession $ SessionData (lUsername loginData) 34
                 seeOther homeURL "Loading home page" 
--              return $ appTemplate "Form validation result" [] $ renderLoginData loginData
    getSessionData :: ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) a -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) SessionData
    getSessionData _ = getSession

The session's username is not being saved in the session and so what my homepage returns is empty string on my receiving homepage

homePage :: RouteT Sitemap (ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO))) Response
homePage = 
  do environmentArgs <- ask
     topBannerCSSURL <- fmap CSSUrl (showURL $ CSS (CSSFilename "topBanner.css"))
     sessionData     <- mapRouteT getSessionData askRouteT
     ok $ toResponse $ homePageDesign environmentArgs sessionData topBannerCSSURL
  where homePageDesign :: EnvironmentArgs -> SessionData -> CSSUrl -> H.Html
        homePageDesign eArgs sessionData cssUrl = H.html $ do
                                                    H.head $ do
                                                      H.title "Home"
                                                    H.body $ do
                                                      loginBanner (eEnvironmentName eArgs) (eEnvironmentVersion eArgs) (Just (_username sessionData)) cssUrl
                                                      H.p $ toMarkup $ (_count sessionData)
        getSessionData :: ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) a 
                       -> ClientSessionT SessionData (ServerPartT (ReaderT EnvironmentArgs IO)) SessionData
        getSessionData _ = do sessionData <- getSession
                              putSession $ SessionData (_username sessionData) (_count sessionData + 1)
                              return sessionData            

I do know that the session is updating because multiple reloads on the homepage increments a counter variable I have on sessionData.   

I've used seeOther, movedPermanently, and tempRedirect, but they all don't appear to respect the putSession when I attempt to validate the credentials before redirecting.  
Reply all
Reply to author
Forward
0 new messages