From a3c64baeba60f9330da001c72b579b5425b7c9bf Mon Sep 17 00:00:00 2001
From: Daw-Ran Liou <dawran6@gmail.com>
Date: Fri, 4 Oct 2019 10:48:53 -0700
Subject: [PATCH] Change session middleware's default to off

When `:session` key is absent in the route data, the session middleware will not
be attached to the route. To enable the middleware, the user at least need to
use an empty map `{}` for the `:session`, which uses the default options.
---
 .../src/reitit/ring/middleware/session.clj    |  7 +++---
 .../reitit/ring/middleware/session_test.clj   | 25 ++++++++++++++-----
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/modules/reitit-middleware/src/reitit/ring/middleware/session.clj b/modules/reitit-middleware/src/reitit/ring/middleware/session.clj
index e0300204..ea3a0cf0 100644
--- a/modules/reitit-middleware/src/reitit/ring/middleware/session.clj
+++ b/modules/reitit-middleware/src/reitit/ring/middleware/session.clj
@@ -31,9 +31,10 @@
 
   | key          | description |
   | -------------|-------------|
-  | `:session`   | A map of options that passes into the [`ring.middleware.session/wrap-session](http://ring-clojure.github.io/ring/ring.middleware.session.html#var-wrap-session) function`."
+  | `:session`   | A map of options that passes into the [`ring.middleware.session/wrap-session](http://ring-clojure.github.io/ring/ring.middleware.session.html#var-wrap-session) function`, or an empty map for the default options. The absence of this value will disable the middleware."
   {:name    :session
    :spec    ::spec
    :compile (fn [{session-opts :session} _]
-              (let [session-opts (merge {:store store} session-opts)]
-                {:wrap #(session/wrap-session % session-opts)}))})
+              (if session-opts
+                (let [session-opts (merge {:store store} session-opts)]
+                  {:wrap #(session/wrap-session % session-opts)})))})
diff --git a/test/clj/reitit/ring/middleware/session_test.clj b/test/clj/reitit/ring/middleware/session_test.clj
index efaf41f7..5006d57c 100644
--- a/test/clj/reitit/ring/middleware/session_test.clj
+++ b/test/clj/reitit/ring/middleware/session_test.clj
@@ -11,11 +11,11 @@
   [request]
   (let [pattern  #"ring-session=([-\w]+);Path=/;HttpOnly"
         parse-fn (partial re-find pattern)]
-    (-> request
-        (get-in [:headers "Set-Cookie"])
-        first
-        parse-fn
-        second)))
+    (some-> request
+            (get-in [:headers "Set-Cookie"])
+            first
+            parse-fn
+            second)))
 
 (defn handler
   "The handler that increments the counter."
@@ -52,7 +52,8 @@
     (let [app             (ring/ring-handler
                            (ring/router
                             ["/api"
-                             {:middleware [session/session-middleware]}
+                             {:middleware [session/session-middleware]
+                              :session    {}}
                              ["/ping" handler]
                              ["/pong" handler]]))
           first-response  (app {:request-method :get
@@ -65,6 +66,18 @@
         (is (= (inc (get-in first-response [:body :counter]))
                (get-in second-response [:body :counter])))))))
 
+(deftest default-session-off-test
+  (testing "Default session middleware"
+    (let [app  (ring/ring-handler
+                (ring/router
+                 ["/api"
+                  {:middleware [session/session-middleware]}
+                  ["/ping" handler]]))
+          resp (app {:request-method :get
+                     :uri            "/api/ping"})]
+      (testing "off by default"
+        (is (nil? (get-session-id resp)))))))
+
 (deftest session-spec-test
   (testing "Session spec"
     (testing "with invalid session store type"