Returns the :active (last active time) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given session has valid last-active time. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Temporarily marks expired session as valid. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Temporarily mark hard-expired session as valid.

Temporarily mark soft-expired session as valid. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns a session ID from the given source and optional session key. May return a value of the :id or :err-id field. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given session is expired by performing calculations on its last-active time and a configured timeout. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Returns true if the given session is hard-expired by performing calculations on its last-active time and a configured timeout. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Returns true if the given session is soft-expired by performing calculations on its last-active time and a configured timeout. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Checks if the encrypted token given as encrypted-token-b64-str matches the given plain-token. Verifies its correctness by re-encrypting it with the same salt parameter as it was used when original token was created.

Returns a SessionConfig object from the given source and optional session key. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given value v is an instance of SessionConfig record.

Returns a SessionControl object from the given source and optional session key. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given value is an instance of a class which fully satisfies SessionControl protocol (directly or indirectly). If the indirect testing is required, the tested object must be convertable to a control object (as described by the SessionControl protocol).

Returns true if a session exists and its state is correct. Never throws an exception.

Creates a new session and puts it into a database. Returns a session record.

Returns the :created (creation time) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given session has valid creation time. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Returns a database session ID from a session object or any other value which can be transformed into a session.

Extracts a database session ID from a secure session object, a map, or session ID. Works with session objects, maps, strings and identifiers (symbols and keywords).

Extracts a database session ID from a secure session object. Tries :db-id field and if that fails uses :id or :err-id field of a session object and parses its string representation to obtain only its first part (if it consists of multiple parts separated with a dash character).

Extracts a database session ID from a secure session ID.

Returns the :db-token (security token in a database-suitable form) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Deletes all session variables which belong to a user (is single-session? configuration option is true) or just variables for this session (if single-session? configuration option is false).

Deletes all session variables.

Deletes all session variables which belong to a user across all sessions.

Deletes a session variable var-name.

Deletes a session variables from var-names.

Deletes a session from a database. The session is identified by a session object or any other value which can be transformed into a session (src) with optional key (session-key) if this object is associative. Session variables are also removed.

Deletes all user sessions from a database. The sessions are identified by a user ID derived from a session object, any other value which can be transformed into a session object (src) with optional session key for associative structures, or a user ID given directly (user-id). In the last case session will only be used to obtain control object so it may be a default session without any valid identifiers in it. Session variables are also removed.

Deletes session identified with db-sid from a database db. Returns a sequence a map indicating deleted session properties, having keys :id, :user-id, :user-email and :ip.

Deletes session variables of a session identified with db-sid from a database db. Returns the number of affected rows in case of success.

Deletes sessions belonging to a used user-id from a database db. Returns a sequence of maps indicating deleted session rows, having keys :id, :user-id, :user-email and :ip.

Deletes session variables which belong to a user user-id from a database db. Returns the number of affected rows in case of success.

Returns an empty session record. Optional session-key may be given to express a key in associative structure (defaults to :session) used to perform a session lookup used to access the control object.

Returns false is src contains a session or is a session, and the session has usable identifier set (:id or :err-id field is set) or has the :error field set. Optional session-key may be given to express a key in associative structure (defaults to :session).

Encrypts the given plain-token with Scrypt algorithm using randomly generated salt. Returns a Base64-encoded string with salt and encrypted password separated with a dollar character. The encrypted password is a result of applying one-way hashing function to the plain-token and salt.

Returns an error session ID from the given source and optional session key. Works only on invalid sessions having :err-id field set. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns the :error (session error) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the :error (session error) property of a session is not nil. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given session is marked as expired. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Like get-var but removes session variable after it is successfully read from a database. Variable is not removed if there was a problem with reading or de-serializing it.

Like get-vars but removes session variable after it is successfully read from a database. Variables are not removed if there was a problem with reading or de-serializing them.

Returns last active time of a session identified with sid-db and selected from a database db.

Standard session getter. Uses db to connect to a database and gets data identified by sid from a table table. Returns a map.

Obtains a session object from associative structure (usually a request map req) by looking for a value associated with a session key returned by calling get-session-key.

Returns a session key as keyword by reading the given session-key, and if it is nil or false by getting a value associated with the :session-key route data key of the req, and if that fails by returning the :session keyword.

Gets a session variable and de-serializes it into a Clojure data structure.

Returns true if the value v obtained from a session variable indicates that it actually could not be successfully fetched from a database.

Gets session variables and de-serializes them into a Clojure data structures.

Gets session data from a database and processes them with session control functions and configuration options to generate a session record. When the record is created it is validated for errors and expiration times.

The results of calling this function may be memoized to reduce database hits. Note that if the cache TTL is larger than the remaining expiration time for a session, it may be required to refresh the times and re-validate the session object.

Returns true if the given session is marked as hard-expired. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Returns a session ID from the given source and optional session key. Works only on valid sessions having :id field set. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns the :id-field (field ID) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns a function which takes a request map and returns a session ID.

Returns an object updated with session record of type Session under an optional session-key if session is to be put into an associative structure (defaults to :session).

Checks if session is not secure where it should be. If :secured? option is not enabled in configuration, it returns false. If :secure? flag is set to a falsy value, it returns false. If there is no session, it returns true.

Returns negated value of the :valid? (validity) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map. If there is no session, returns true.

Invalidates cache for the specific session. The src can be a session object, a request (context) map with optional session-key as a second argument, or a SessionControl object with a session ID (sid). Remote IP address (used to match cache entries along with session database ID) will be obtained from the session object if not given or nil.

Invalidates cache for multiple sessions by extracting their database IDs from maps. The sessions argument should be a sequence of maps or a sequence of Session objects. If they are maps they should have :id keys with associated database IDs. First argument should be a SessionControl object.

Returns the :ip (IP address) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns session IP state for the given session. If IP address is correct, returns nil, otherwise a SessionError record.

Generates a session ID and adds it to newly created session object. The secured? flag can be set to generate secure session ID.

Returns true if an entry associated with the given key key in a TTL map of a current handler cache has almost expired. The knee argument should be a number of milliseconds (defaults to 1000 if not given) to be added to a current time in order to shift it forward. If the entry does not exist, true is returned. Negative knee values will cause it to have 0 impact. Optional argument t may be given with a time expressed as an instant (java.time.Instant) to be used as a source of current time.

Returns true if an entry associated with the given key key in a TTL map of a current handler cache has expired. If the entry does not exist, true is returned. Optional argument t may be given with a time expressed as an instant (java.time.Instant) to be used as a source of current time.

Returns a time left to a cache expiry for an entry associated with the given key key in a TTL map of a current handler cache. The returned object is of type java.time.Duration. If the entry does not exist, nil is returned. Optional t argument may be given to express current time as java.time.Instant.

Returns a time which passed till now from the creation of an entry associated with the given key key in a TTL map of a current handler cache. The returned object is of type java.time.Duration and its value may exceed the configured TTL when there was no cache update nor eviction for the entry. Optional t argument may be given to express current time as java.time.Instant.

Retrieves an entry creation time (in milliseconds) associated with the given key in a TTL map of a current handler cache. If the entry does not exist, nil is returned.

Retrieves an expiration time (in milliseconds since the beginning of the Unix epoch) of an entry identified by the given key key in a TTL map of a current handler cache. It is calculated by adding cache’s TTL to entry’s creation time. If the entry does not exist, nil is returned.

Marks session as invalid and sets :err-id field’s value to the value of :id field, then sets :id to nil. The given object should be a session.

Marks the given session smap as valid by setting :valid? field to true, :expired? and :hard-expired? fields to false, and :error field to nil. The given object should be a session.

Returns a session if src contains a session or is a session, and the session has usable identifier set (:id or :err-id field is set) or has the :error field set. Optional session-key may be given to express a key in associative structure (defaults to :session). Returns nil if session is not usable (does not have :id, :err-id not :error set).

Returns true is src contains a session or is a session, and the session has usable identifier set (:id or :err-id field is set) or has the :error field set. Optional session-key may be given to express a key in associative structure (defaults to :session).

Returns a session record of type Session on a basis of configuration source provided and an optional session-key if session must be looked in an associative structure (defaults to :session).

Takes a session control object, predefined session objects (for malformed and empty session), expiration settings and a request map, and validates a session against the database or memoized session data. Returns a session map or dummy session map if session was not obtained (session ID was not found in a database).

Session processing handler wrapper. For the given session ID sid and remote IP address remote-ip it runs handle (from SessionControl protocol) using ctrl. Then it quickly checks if the refresh is needed (by checking whether session is expired or by calling needs-refresh?). If re-reading expiration time from a database is required, it will do it and check if the time really has changed. In such case the session data in will be updated (by refreshing just the last active time or by handling it again after cache eviction).

Re-validates session by updating its timestamp and re-running validation.

Returns true if the given session has just been prolonged. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Puts a session variable var-name with a value value into a database.

Puts session variables with associated values (var-names-values) expressed as pairs into a database.

Checks a last-active time of the session. If the time left to expiration is smaller than the cache TTL then the session record will be updated using a database query and session cache invalidated for a session ID. Uses pre-calculated value stored in the :cache-margin field of a session record (see calc-cache-margin for more info).

Checks if a session is secure according to configured security level. If :secured? option is not enabled in configuration, it returns true. If :secure? flag is set to a truthy value, it returns it. If there is no session, it returns false.

Checks if the additional security token was validated incorrectly unless the session is not secure (in such case it returns false). Does not test if session should be secured; to check it, use secure? or insecure?.

Checks if the additional security token was validated correctly or there was not a need to validate it because the session is not secure (in such case returns true). Does not test if session should be secured; to check it, use secure? or insecure?.

Returns the :session-key (session key) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns true if the given value v is an instance of Session record.

Puts session data into a database db. Returns the number of updated rows in case of success.

Returns the given sid if it is valid after converting it to a string. Otherwise it returns nil.

Returns true if the given session ID is valid.

Returns true if the given session is marked as soft-expired. The session can be passed directly or as a request map from which it should be extracted (in such case the optional session-key argument may be given).

Returns session state. If there is anything wrong, returns a SessionError record. Otherwise it returns nil. Unknown session detection is performed by checking if a value associated with the :id key is nil and a value associated with the :err-id key is not nil. First argument must be a session object of type Session.

Updates session last active time on a database db. Returns the number of updated rows in case of success.

Returns the :user-email (user e-mail) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns the :user-id (user ID) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map.

Returns a session if src contains a session or is a session, and the session is valid. Optional session-key may be given to express a key in associative structure (defaults to :session). Returns nil if session is not valid.

Returns the :valid? (validity) property of a session. The src can be a session record (Session) or any object which satisfies the Sessionable protocol and can be converted to a session. Optional session-key can be given when passing a request map. If there is no session, returns false.

Conditionally evaluates expressions from body in an implicit do when the session ID given as sid is valid. Otherwise it returns nil without evaluating anything.

Session maintaining middleware.