To use the session features of spludo, there is a session_manager global
available.
Whenever you want to create a session for the current user, you'll call:
context.session_id = session_manager.createSession({username: username});
This will assign the session_id to the current context.
Removing a session works like this:
session_manager.removeSession(context.session_id);
context.session_id = null;
The framework will do the Set-Cookie handling for you, as soon as
context.session_id is changed or get's lost. That happens because the
default implementation is the CookieSessionManager.
If you want to update the session data, without changing the session_id,
you can use:
var session_data = session_manager.getSession(context.session_id);
session_data.is_admin = true;
session_manager.setSession(context.session_id, session_data);
This will save the session data in the configured storage. Default storage is MemoryStorage.
The session data is not saved on the clients computer. Instead the session_id
is set as cookie and read back.
If you want to inject a specific session by GET/POST parameter you have to implement this in the controller. This should not be necessary in most cases.