Go (lang) HTTP session authentication


Go Session Authentication

Version 2.0.0

See git tags/releases for information about potentially breaking changes.

This package uses the Gorilla web toolkit's sessions package to implement a user authentication and authorization system for Go web servers.

Multiple user data storage backends are available, and new ones can be implemented relatively easily.

Access can be restricted by a user's role.

Uses bcrypt for password hashing.

var (
    aaa httpauth.Authorizer
)

func login(rw http.ResponseWriter, req *http.Request) {
    // Credentials arrive as POST form fields.
    username := req.PostFormValue("username")
    password := req.PostFormValue("password")
    // A user who already has a session goes to "/"; any other login
    // error sends the client back to the login page.
    if err := aaa.Login(rw, req, username, password, "/"); err != nil && err.Error() == "already authenticated" {
        http.Redirect(rw, req, "/", http.StatusSeeOther)
    } else if err != nil {
        http.Redirect(rw, req, "/login", http.StatusSeeOther)
    }
}

Run go run server.go from the examples directory and visit localhost:8009 for an example. You can log in with the username "admin" and password "adminadmin".
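
The login handler above sends every failure other than "already authenticated" back to /login, so the response does not reveal whether the username or the password was wrong. The following is an added example, not code from this package, that checks this with the standard library only; the `authenticator` interface, `stubAuth`, `respond`, the redirect on success and the error strings other than "already authenticated" are assumptions made for the test.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// authenticator: hypothetical interface with the Login signature used above.
type authenticator interface {
	Login(rw http.ResponseWriter, req *http.Request, user, pass, dest string) error
}

// stubAuth (constructed): Login returns err, or redirects to dest if err is nil.
type stubAuth struct{ err error }

func (s stubAuth) Login(rw http.ResponseWriter, req *http.Request, user, pass, dest string) error {
	if s.err == nil {
		http.Redirect(rw, req, dest, http.StatusSeeOther) // assumed success behaviour
	}
	return s.err
}

// loginHandler is the handler above with the authorizer injected for testing.
func loginHandler(aaa authenticator) http.HandlerFunc {
	return func(rw http.ResponseWriter, req *http.Request) {
		username := req.PostFormValue("username")
		password := req.PostFormValue("password")
		if err := aaa.Login(rw, req, username, password, "/"); err != nil && err.Error() == "already authenticated" {
			http.Redirect(rw, req, "/", http.StatusSeeOther)
		} else if err != nil {
			http.Redirect(rw, req, "/login", http.StatusSeeOther)
		}
	}
}

// respond posts constructed credentials and returns what the client sees.
func respond(loginErr error) (int, string) {
	req := httptest.NewRequest(http.MethodPost, "/login", nil)
	req.PostForm = url.Values{"username": {"alice"}, "password": {"x"}}
	rec := httptest.NewRecorder()
	loginHandler(stubAuth{loginErr}).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	fmt.Println(respond(errors.New("user not found")))
}
```

Calling `respond` with different backend errors shows the same status and Location for each, which is the property to keep if the handler is later changed to show error messages.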

Tests can be run by simulating Travis CI's build environment. There's a very unsafe script, start-test-env.sh, that will do this for you.



  • User roles - modification
  • SMTP email validation (key based)
  • More backends
  • Possibly remove dependence on bcrypt