Best way to handle session in ions

I have an API setup using datomic ions which is essentially just a ring handler ionized (if you want to see it, it’s here). As a local setup, I’ve been setting session values with ring’s wrap-session. However this seems to cause issues when running on ion, I guess since lambda’s don’t support sessions. I don’t have an error message yet, as I’m still working through some permissions issues.

That said, what’s the recommended approach to short-term state/sessions with ions? This is for authentication, so it needs to on some level persist between API calls.

1 Like

I’m not sure how to fix your specific issues with sessions in lambda (I’m guessing you’re talking about cookie based), but I can throw out an alternative that works great for me…

Since you’re already in AWS, and i’m assuming you’re using API Gateway with a lambda proxy, you can setup a Cognito authorizer very quickly. This approach uses jwt rather than the old school session cookie stuff. The nice thing for my app on the server side, is I don’t even have to think about authentication, AWS does pretty much everything … I just have to validate that I’ve been given the data from the API gateway authorizer, and it’s there with meta data like the cognito ID and their username. Ring has some pretty nice little middleware wrappers that work like wrap-session, that work great with API gateway authorizers (just a general jwt validator).

1 Like