Make session name and expire time configurable

spec/config_spec.cr

@@ -23,6 +23,14 @@ describe "Config" do
     config.host_binding.should eq "127.0.0.1"
   end
 
+  it "sets session values" do
+    config = Kemal.config
+    config.session["name"] = "kemal"
+    config.session["expire_time"] = 1.hours
+    config.session["name"].as(String).should eq "kemal"
+    config.session["expire_time"].as(Time::Span).should eq 1.hours
+  end
+
   it "adds a custom handler" do
     config = Kemal.config
     config.add_handler CustomTestHandler.new

spec/session_spec.cr

@@ -20,7 +20,7 @@ describe "Session" do
     # verify we got a cookie and session ID
     cookie = response.headers["Set-Cookie"]?
     cookie.should_not be_nil
-    response.cookies[Kemal::Sessions::NAME].value.should eq(sid)
+    response.cookies[Kemal.config.session["name"].as(String)].value.should eq(sid)
     lastsid = sid
     existing.should be_nil
 
@@ -33,7 +33,7 @@ describe "Session" do
     cookie2 = response.headers["Set-Cookie"]?
     cookie2.should_not be_nil
     cookie2.should eq(cookie)
-    response.cookies[Kemal::Sessions::NAME].value.should eq(lastsid)
+    response.cookies[Kemal.config.session["name"].as(String)].value.should eq(lastsid)
     existing.should eq("abc")
   end
 

src/kemal/config.cr

@@ -15,13 +15,14 @@ module Kemal
     {% end %}
 
     property host_binding, ssl, port, env, public_folder, logging,
-      always_rescue, serve_static : (Bool | Hash(String, Bool)), server, extra_options
+      always_rescue, serve_static : (Bool | Hash(String, Bool)), server, session : Hash(String, Time::Span | String), extra_options
 
     def initialize
       @host_binding = "0.0.0.0"
       @port = 3000
       @env = "development"
       @serve_static = {"dir_listing" => false, "gzip" => true}
+      @session = {"name" => "kemal_session", "expire_time" => 48.hours}
       @public_folder = "./public"
       @logging = true
       @logger = nil

src/kemal/session.cr

@@ -15,15 +15,9 @@ module Kemal
   #
   # Sessions are pruned hourly after 48 hours of inactivity.
   class Sessions
-    NAME = "SessionId"
-
     # Session Types are String, Integer, Float and Boolean
     alias SessionTypes = String | Int64 | Float64 | Bool
 
-    # I hate websites which require daily login so the default
-    # inactivity timeout is 48 hours.
-    TTL = 48.hours
-
     # In-memory, ephemeral datastore only.
     #
     # Implementing Redis or Memcached as a datastore
@@ -68,7 +62,7 @@ module Kemal
     getter! id : String
 
     def initialize(ctx : HTTP::Server::Context)
-      id = ctx.request.cookies[NAME]?.try &.value
+      id = ctx.request.cookies[Kemal.config.session["name"].as(String)]?.try &.value
       if id && id.size == 32
         # valid
       else
@@ -76,7 +70,7 @@ module Kemal
         id = SecureRandom.hex
       end
 
-      ctx.response.cookies << HTTP::Cookie.new(name: NAME, value: id, http_only: true)
+      ctx.response.cookies << HTTP::Cookie.new(name: Kemal.config.session["name"].as(String), value: id, http_only: true)
       @id = id
     end
 
@@ -99,7 +93,7 @@ module Kemal
       STORE[@id]?.try &.delete(key)
     end
 
-    def self.prune!(before = (Time.now - Kemal::Sessions::TTL).epoch_ms)
+    def self.prune!(before = (Time.now - Kemal.config.session["expire_time"].as(Time::Span)).epoch_ms)
       Kemal::Sessions::STORE.delete_if { |id, entry| entry.last_access_at < before }
       nil
     end