view demo/cookieSec.ur @ 2190:22117edf8fd3

After a tricky debugging session, limit visibility of type-class instances from anonymous modules
author Adam Chlipala <>
date Sun, 01 Nov 2015 16:33:14 -0500
parents 731e6aa6655a
line wrap: on
line source
cookie username : string

table lastVisit : { User : string, When : time }

fun main () =
    userO <- getCookie username;

    list <- queryX (SELECT * FROM lastVisit)
                   (fn r => <xml><tr><td>{[r.LastVisit.User]}</td> <td>{[r.LastVisit.When]}</td></tr></xml>);

    return <xml><body>
      Cookie: {[userO]}<br/>

        <tr><th>User</th> <th>Last Visit</th></tr>

      <h2>Set cookie value</h2>
      <form><textbox{#User}/> <submit action={set}/></form>

      <h2>Record your visit</h2>
      <form><submit action={imHere}/></form>

and set r =
    setCookie username {Value = r.User, Expires = None, Secure = False};
    main ()

and imHere () =
    userO <- getCookie username;
    case userO of
        None => return <xml>You don't have a cookie set!</xml>
      | Some user =>
        dml (DELETE FROM lastVisit WHERE User = {[user]});
        dml (INSERT INTO lastVisit (User, When) VALUES ({[user]}, CURRENT_TIMESTAMP));
        main ()