Improve session docs #1072
Open
Improve session docs #1072
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
✅ Deploy Preview for solid-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for solid-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
LadyBluenotes
requested changes
Feb 18, 2025
Comment on lines
14
to
29
| A session typically involves: | ||
|
|
||
| 1. **Session creation**: When tracking is needed (e.g., upon login or first visit), the server creates a session. | ||
| This involves: | ||
| - Generating a unique **session ID**. | ||
| - Storing the session data _encrypted and signed_ within a cookie. | ||
| 2. **Session cookie transmission**: The server sends a `Set-Cookie` HTTP header. | ||
| This instructs the browser to store the session cookie. | ||
| 3. **Subsequent requests**: The browser automatically includes the session cookie in the `Cookie` HTTP header for requests to the server. | ||
| 4. **Session retrieval and data access**: For each request, the server: | ||
| - Checks for the session cookie. | ||
| - Retrieves session data from the cookie. | ||
| - Decrypts and verifies the signature of the session data. | ||
| - Application code can access and use this data. | ||
| 5. **Session expiration and destruction**: Sessions typically expire after a time or upon user logout. | ||
| Destruction involves instructing the browser to delete the session cookie (e.g., setting an expired `Set-Cookie`). |
There was a problem hiding this comment.
I'm a little iffy about the last point in 4 - it sounds a bit off being on its own.
Suggested change
| A session typically involves: | |
| 1. **Session creation**: When tracking is needed (e.g., upon login or first visit), the server creates a session. | |
| This involves: | |
| - Generating a unique **session ID**. | |
| - Storing the session data _encrypted and signed_ within a cookie. | |
| 2. **Session cookie transmission**: The server sends a `Set-Cookie` HTTP header. | |
| This instructs the browser to store the session cookie. | |
| 3. **Subsequent requests**: The browser automatically includes the session cookie in the `Cookie` HTTP header for requests to the server. | |
| 4. **Session retrieval and data access**: For each request, the server: | |
| - Checks for the session cookie. | |
| - Retrieves session data from the cookie. | |
| - Decrypts and verifies the signature of the session data. | |
| - Application code can access and use this data. | |
| 5. **Session expiration and destruction**: Sessions typically expire after a time or upon user logout. | |
| Destruction involves instructing the browser to delete the session cookie (e.g., setting an expired `Set-Cookie`). | |
| A session typically involves: | |
| 1. **Session creation**: When tracking is needed (e.g., upon login or first visit), the server creates a session. | |
| This involves generating a unique **session ID** and storing the session data _encrypted and signed_ within a cookie. | |
| 2. **Session cookie transmission**: The server sends a `Set-Cookie` HTTP header. | |
| This instructs the browser to store the session cookie. | |
| 3. **Subsequent requests**: The browser automatically includes the session cookie in the `Cookie` HTTP header for requests to the server. | |
| 4. **Session retrieval and data access**: For each request, the server must: | |
| - Check for any session cookies, | |
| - Retrieve any session data if a cookie is present, | |
| - Decrypt and verify the signature of the session data for the application to access and use this data. | |
| 5. **Session expiration and destruction**: Sessions typically expire after period of time or upon user sign-out. | |
| The browser will delete the session cookie (e.g., setting an expired `Set-Cookie`) in order to destroy it. |
There was a problem hiding this comment.
I don't agree with some of the suggestions:
-
In the fourth point, I would remove the "must" and change the bullet points accordingly. We shouldn't "instruct" on this page according to Diataxis and the suggestion has a little instructional tone.
-
In the fifth point, there is a comma at the items, is it a typo?
-
In the fifth point, this part is confusing:
The browser will delete the session cookie (e.g., setting an expired
Set-Cookie) in order to destroy it.The browser doesn't set an expired
Set-Cookieheader to destroy the cookie. That's what the server does to signal the browser to destroy the cookie.
I think I get the heart of the suggestions. I will make some changes accordingly.
Comment on lines
39
to
43
| 1. A session ID is generated. | ||
| 2. The session data is stored in the database, associated with the session ID. | ||
| 3. Only the session ID is stored in the cookie. | ||
| 4. The session data is retrieved from the database using the session ID. | ||
| 5. Upon expiration, in addition to the session cookie, the database record containing the session data is also removed. |
There was a problem hiding this comment.
This might be better suited for a table instead of a list.
In addition, it probably doesn't have to be an ordered list since we aren't talking about a series of events here
There was a problem hiding this comment.
I'm not sure how a table can be used here. I think a bullet list is better. I made some change that hopefully makes this section more clear without using a table.
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
Co-authored-by: Sarah <[email protected]>
LadyBluenotes
approved these changes
Feb 25, 2025
LadyBluenotes
requested changes
Feb 25, 2025
Comment on lines
+13
to
+23
| 1. **Session creation**: When tracking is needed (e.g., upon login or first visit), the server creates a session. | ||
| This involves generating a unique **session ID** and storing the session data, _encrypted and signed_, within a cookie. | ||
| 2. **Session cookie transmission**: The server sends a `Set-Cookie` HTTP header. | ||
| This instructs the browser to store the session cookie. | ||
| 3. **Subsequent requests**: The browser automatically includes the session cookie in the `Cookie` HTTP header for requests to the server. | ||
| 4. **Session retrieval and data access**: For each request, the server: | ||
| 1. Checks for the session cookie. | ||
| 2. Retrieves the session data if a cookie is present. | ||
| 3. Decrypts and verifies the signature of the session data for the application to access and use this data. | ||
| 5. **Session expiration and destruction**: Sessions typically expire after a period of time or upon user sign-out and the data is removed. | ||
| This is done by setting a `Max-Age` attribute on the cookie or by sending a `Set-Cookie` HTTP header with an expired date. |
There was a problem hiding this comment.
Only use ordered when you're referring to a list of steps that must be performed in order
Suggested change
| 1. **Session creation**: When tracking is needed (e.g., upon login or first visit), the server creates a session. | |
| This involves generating a unique **session ID** and storing the session data, _encrypted and signed_, within a cookie. | |
| 2. **Session cookie transmission**: The server sends a `Set-Cookie` HTTP header. | |
| This instructs the browser to store the session cookie. | |
| 3. **Subsequent requests**: The browser automatically includes the session cookie in the `Cookie` HTTP header for requests to the server. | |
| 4. **Session retrieval and data access**: For each request, the server: | |
| 1. Checks for the session cookie. | |
| 2. Retrieves the session data if a cookie is present. | |
| 3. Decrypts and verifies the signature of the session data for the application to access and use this data. | |
| 5. **Session expiration and destruction**: Sessions typically expire after a period of time or upon user sign-out and the data is removed. | |
| This is done by setting a `Max-Age` attribute on the cookie or by sending a `Set-Cookie` HTTP header with an expired date. | |
| 1. **Session creation**: When tracking is needed (e.g., upon login or first visit), the server creates a session. | |
| This involves generating a unique **session ID** and storing the session data, _encrypted and signed_, within a cookie. | |
| 2. **Session cookie transmission**: The server sends a `Set-Cookie` HTTP header. | |
| This instructs the browser to store the session cookie. | |
| 3. **Subsequent requests**: The browser automatically includes the session cookie in the `Cookie` HTTP header for requests to the server. | |
| 4. **Session retrieval and data access**: For each request, the server: | |
| - Checks for the session cookie. | |
| - Retrieves the session data if a cookie is present. | |
| - Decrypts and verifies the signature of the session data for the application to access and use this data. | |
| 5. **Session expiration and destruction**: Sessions typically expire after a period of time or upon user sign-out and the data is removed. | |
| This is done by setting a `Max-Age` attribute on the cookie or by sending a `Set-Cookie` HTTP header with an expired date. |
There was a problem hiding this comment.
The server first checks for session cookie, then retrieves the session data ...
It has an order.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description(required)
This PR improves the Sessions page in the SolidStart docs with a complete rewrite. For more information about the issues that I tried to address in this PR see this Issue.
Related issues & labels