
Session Management

Stateful authentication and data persistence using secure, HttpOnly cookies with in-memory storage.

Simple & Secure State

SoliLang provides a robust session management system out of the box. It handles cookie generation, validation, and storage automatically, allowing you to focus on building your application features rather than reinventing authentication flows.

1 Basic Operations

Use the built-in session helper functions to read, write, and manage user data.

controllers/session_controller.sl
# 1. Write data to the session
session_set("user_id", 42);
session_set("username", "alice_w");
session_set("role", "admin");

# 2. Read data (returns null if not found)
let current_user = session_get("username");

# 3. Check if key exists
if session_has("user_id") {
    print("User is authenticated!");
}

# 4. Remove specific data
session_delete("flash_message");

# 5. Clear everything (logout)
session_destroy();

2 Security Best Practices

Session Fixation Protection

When a user logs in or elevates privileges, always regenerate the session ID. This prevents session fixation attacks where an attacker tricks a user into using a known session ID.

controllers/auth_controller.sl
def login(req: Any)
    let credentials = req["body"];
    
    if verify_user(credentials)
        # CRITICAL: Regenerate session ID before setting sensitive data
        session_regenerate();
        
        session_set("authenticated", true);
        session_set("user_id", credentials["id"]);
        
        return redirect("/dashboard");
    end

    render("login", { "error": "Invalid credentials" })
end
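
Why the regeneration step matters, as an added example: this is a Python model of an in-memory session store, not SoliLang's implementation or code from the Soli docs. The class, the function names and the `session_id` cookie name are assumptions made for illustration; the model also refuses to adopt a session ID the store never issued.

```python
import secrets

class SessionStore:
    """Minimal in-memory session store (a model, not SoliLang's implementation)."""

    def __init__(self):
        self._sessions = {}  # session ID -> data dict

    def create(self):
        sid = secrets.token_urlsafe(32)  # unguessable ID from the OS CSPRNG
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def regenerate(self, old_sid):
        """Move the data to a fresh ID and invalidate the old one."""
        data = self._sessions.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

def login(store, sid, regenerate=True):
    """Mark the session authenticated; return the ID the client must use next."""
    if store.get(sid) is None:       # ID the store never issued: start fresh
        sid = store.create()
    elif regenerate:
        sid = store.regenerate(sid)  # rotate BEFORE writing sensitive data
    store.get(sid)["authenticated"] = True
    return sid

def is_authenticated(store, sid):
    data = store.get(sid)
    return bool(data and data.get("authenticated"))

def cookie_header(sid):
    # HttpOnly keeps the ID away from page scripts; Secure limits it to HTTPS.
    # The cookie name "session_id" is an assumption, not taken from the docs.
    return f"Set-Cookie: session_id={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

if __name__ == "__main__":
    store = SessionStore()
    known = store.create()                 # ID issued before login (constructed scenario)
    fresh = login(store, known)
    print(is_authenticated(store, known))  # the pre-login ID after rotation
    print(is_authenticated(store, fresh))  # the rotated ID
    print(cookie_header(fresh))
```

Calling `login(store, sid, regenerate=False)` leaves the pre-login ID valid and authenticated, which is the condition the regeneration call in the controller above removes.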

Experience Secure Sessions

Try the login demo to see cookie management, session persistence, and secure logout in action.