kemalcr/kemal-csrf

Include this in kemal-session itself?

Thyra opened this issue · 3 comments

Thyra commented

Is there any advantage to having this Handler as a separate shard and not including it in kemal-session itself? I can't imagine anyone who would say, "Well, actually, I would rather like to have sessions that are not CSRF-safe because I like to live dangerously" ;-).
This way with the separate shard it's just some extra complication for people who are new to Kemal.

I think this is a good idea 👍

@Thyra @sdogruyol I have tried to fix this issue a couple of time but I always run into the issue that Kemal::Session contains constants that are being set twice when I require "kemal-csrf in kemal-session because kemal-csrf requires kemal-session.

Is there a way to make sure that a constant only gets set once? Or would a better solution be to just move the CSRF class into kemal-session?

Yeah, moving CSRF into Kemal session would be feasible