Soli Docs

Session Management

Stateful authentication and data persistence using secure, HttpOnly cookies with in-memory storage.

Simple & Secure State

SoliLang provides a robust session management system out of the box. It handles cookie generation, validation, and storage automatically, allowing you to focus on building your application features rather than reinventing authentication flows.

1 Basic Operations

Use the built-in session helper functions to read, write, and manage user data.

controllers/session_controller.soli
// 1. Write data to the session
session_set("user_id", 42);
session_set("username", "alice_w");
session_set("role", "admin");

// 2. Read data (returns null if not found)
let current_user = session_get("username");

// 3. Check if key exists
if session_has("user_id") {
    print("User is authenticated!");
}

// 4. Remove specific data
session_delete("flash_message");

// 5. Clear everything (logout)
session_destroy();

2 Security Best Practices

Session Fixation Protection

When a user logs in or elevates privileges, always regenerate the session ID. This prevents session fixation attacks, in which an attacker tricks a user into using a session ID the attacker already knows.

controllers/auth_controller.soli
fn login(req: Any) -> Any {
    let credentials = req["body"];
    
    if verify_user(credentials) {
        // CRITICAL: Regenerate session ID before setting sensitive data
        session_regenerate();
        
        session_set("authenticated", true);
        session_set("user_id", credentials["id"]);
        
        return redirect("/dashboard");
    }
    
    return render("login", { "error": "Invalid credentials" });
}
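The effect of the `session_regenerate()` call above, modelled in Python as an added example (not Soli's implementation and not code from these docs). `SessionStore`, `login` and `fixation_outcome` are hypothetical names, and the model assumes regeneration moves the session data to a fresh ID and discards the old one.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (a model, not Soli's implementation)."""

    def __init__(self):
        self._data = {}  # session ID -> dict of session values

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._data[sid] = {}
        return sid

    def get(self, sid, key):
        # Unknown or invalidated IDs behave like an empty session.
        return self._data.get(sid, {}).get(key)

    def set(self, sid, key, value):
        self._data[sid][key] = value

    def regenerate(self, sid):
        """Move the data to a fresh ID and invalidate the old one."""
        new_sid = secrets.token_urlsafe(32)
        self._data[new_sid] = self._data.pop(sid)
        return new_sid


def login(store, sid, regenerate):
    """Model of the login handler; returns the ID the browser holds afterwards."""
    if regenerate:
        sid = store.regenerate(sid)  # new ID before any sensitive data is set
    store.set(sid, "authenticated", True)
    return sid


def fixation_outcome(regenerate):
    """Return True if the pre-login session ID is authenticated after login."""
    store = SessionStore()
    known_sid = store.create()  # constructed case: ID known to a third party
    browser_sid = login(store, known_sid, regenerate)
    assert store.get(browser_sid, "authenticated") is True
    return store.get(known_sid, "authenticated") is True


if __name__ == "__main__":
    print("pre-login ID valid without regeneration:", fixation_outcome(False))
    print("pre-login ID valid with regeneration:   ", fixation_outcome(True))
```

The same comparison works as a regression test against a real application: record the session cookie before login, log in, and check that the cookie value changed and the old value no longer maps to an authenticated session.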
