;; AJAX request
(require '[ajax.core :refer [GET POST]])
(require '[cognitect.transit :as t])
(def r (t/reader :json))
(def priorities (atom []))
(defn fetch-priorities! []
(GET "/priorities"
{:handler #(reset! priorities (t/read r %))})) ;; <------ CSRF token goes where?
Currently my application makes an ajax POST request for login and never asks the server to re-render the template. So I don't think I can inject session data into the template that way. I'm also a bit confused about cookies: aren't they necessary? But your example didn't use any.
I'll see if I can pare down some app code tomorrow morning.
(binding [*identity* (get-in request [:cookies "JSESSIONID" :value])] ... )
(get-in request [:session :identity])
(POST "/login" [user pass :as {sess :session}]
(if-let [user-map (login user pass)]
(assoc (response/ok {:user (:id user-map)}) :session (assoc sess :user user-map))
(response/unauthorized {:error "login failed"})))