@(define ensure-session (userid clientip))
@  (local sessionid)
@  (do (ensure-dir sessions-dir #o700))
@  (bind sessionid @(rand (expt 2 128)))
@  (output `@{sessions-dir}/@userid`)
@userid @sessionid @clientip @(time)
@  (end)
@  (add-header "Set-Cookie" `tamarind-login=@userid:@sessionid`)
@(end)
@;
@(define remove-session (userid))
@  (do (ignerr (remove-path `@{sessions-dir}/@userid`)))
@  (add-header "Set-Cookie" `tamarind-login=;max-age=0`)
@(end)
@;
@(define sess-cookie (userid sessionid))
HTTP_COOKIE=@(skip)tamarind-login=@userid:@{sessionid /\d+/}@(skip)
@(end)
@;
@(define check-session (valid-p userid sessid clientip))
@  (cases)
@    (require (and userid sessid))
@    (next `@{sessions-dir}/@{userid}` :nothrow)
@{userid} @{sessid} @clientip @timestamp
@    (require (< (- (time) (int-str timestamp)) (* 3600 169)))
@    (bind valid-p t)
@  (or)
@    (bind valid-p nil)
@  (end)
@(end)