[Ur] Sessions

Adam Chlipala adamc at csail.mit.edu
Wed Aug 8 09:00:41 EDT 2012


On 08/07/2012 10:32 PM, Edward Z. Yang wrote:
> Has anyone written a library for managing cookie-based sessions
> in Ur/Web? Seems like functionality that one might expect to
> get out of the box. (Or are Ur/Web cookies secretly non-forgeable,
> so I can use them the "obvious" way?)
>    

I'm not aware of any such library.  Modulo the security concerns, I 
think Ur/Web's approach of passing big old closures to the web server 
automatically is superior to typical session systems.  There's also the 
experimental static checker for access control policies, which I hope I 
find a student who'd like to make more production-quality in the near 
future!  These pieces together provide a pretty good story.

But it might be nice to have a session library in the mean time.  It 
should fit nicely with Ur/Web's encapsulation features.



More information about the Ur mailing list