Session: allow usage of Opaque token instead of cookies

[Bricklou]

Expected Behavior

I propose to change some behaviour on the SessionMiddleware to allow developers to use an Opaque Token instead of a cookie to manage session identification for the Redis backend. This change opens the possibility to keep a stateful session when working with Actix as a Rest API for mobile app in example.

Current Behavior

The current SessionMiddleware only allow session management through cookies. While it works pretty well for web application, this is not suitable for other apps like mobile or desktop applications which doesn't necessarily support cookies as well as browsers.

Possible Solution

One possibility to improve this session middleware would be to ask developers if they prefer using cookies or an Opaque Token (in this case, the /login route will require to return the tokens to let the client store it somewhere)

Context

A way to implement this use-case on the developer-side would be like the following:

let redis_store = RedisSessionStore::new("redis://redis_url").await.unwrap();

let provider = SessionProvider::opaque_token();
// or for cookies (this would propably need a builder to make it pretty to use
let provider = Sessionprovider::cookie(Key::from(&[0; 64]))
     .cookie_path("/")
     .cookie_http_only(true);

let session_middleware = SessionMiddleware::builder(redis_store)
    .provider(provider)
    .session_lifecycle(
        PersistentSession::default().session_ttl(time::Duration::days(5))
    )
    .build();

• Rust Version: 1.72.0
• Actix-session Version: 0.7.2

[Bricklou]

Update: I did some work on my side and made a small implementation that respond to my needs (based on actix-session implementation), I let you check on it: https://github.com/Bricklou/game-sync/tree/4525e8913f2c4d900428a3b223076ff32f6d1483/server-api/projects/actix-multi-session

My discord message related to the subject: https://discord.com/channels/771444961383153695/771447722795859979/1146800915265892422