On Fri, Dec 18, 2015 at 12:55 PM, Török Edwin <edwin+ml-ocaml@etorok.net> wrote:

On 12/17/2015 08:51 PM, Spiros Eliopoulos wrote:
> Hey List,
>
> I'm happy to announce the initial release of ocaml-session:
>
> https://github.com/inhabitedtype/ocaml-session
>
> ocaml-session is an session manager that handles cookie headers and backend storage for HTTP servers. The library supports CoHTTP and Webmachine; Async and Lwt; and pluggable backing stores based on a functor interface.

Nice!

>
> The library ships with an in-memory backend (for development and testing) and a postgresql-ocaml[0] based backend.

How about signed cookies as a storage backend?
Python Flask and Django can use it to store session entirely in the cookies with an hmac signature and expiration time, so your server can be entirely stateless.
As long as the amount of data in your session is small, and all you need is authenticated data (and not secret data) I think its quite an elegant solution,
and more fitting with a functional style.

Now of course comes the question Cryptokit or nocrypto :)

[1] http://werkzeug.pocoo.org/docs/0.11/contrib/securecookie/
[2] https://docs.djangoproject.com/en/1.9/topics/http/sessions/
[3] http://pythonhosted.org/itsdangerous/

Here is a basic implementation of something similar to itsdangerous I wrote a few days ago for a project I'm working on, it uses nocrypto:

https://gist.github.com/tizoc/975bfac960d7e5c60232

With a bit of work it could become an opam package.

--
Edwin Török | Co-founder and Lead Developer

Skylable open-source object storage: reliable, fast, secure
http://www.skylable.com

--
Caml-list mailing list. Subscription management and archives:
https://sympa.inria.fr/sympa/arc/caml-list
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
Bug reports: http://caml.inria.fr/bin/caml-bugs