Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Go Session Authentication

Build Status Coverage Status GoDoc Version 2.0.0

See git tags/releases for information about potentially breaking change.

This package uses the Gorilla web toolkit's sessions package to implement a user authentication and authorization system for Go web servers.

Multiple user data storage backends are available, and new ones can be implemented relatively easily.

Access can be restricted by a users' role.

Uses bcrypt for password hashing.

var (
    aaa httpauth.Authorizer

func login(rw http.ResponseWriter, req *http.Request) {
    username := req.PostFormValue("username")
    password := req.PostFormValue("password")
    if err := aaa.Login(rw, req, username, password, "/"); err != nil && err.Error() == "already authenticated" {
        http.Redirect(rw, req, "/", http.StatusSeeOther)
    } else if err != nil {
        http.Redirect(rw, req, "/login", http.StatusSeeOther)

Run go run server.go from the examples directory and visit localhost:8009 for an example. You can login with the username "admin" and password "adminadmin".

Tests can be run by simulating Travis CI's build environment. There's a very unsafe script --- that will do this for you.

You should follow me on Twitter. Appreciate this package?


  • User roles - modification
  • SMTP email validation (key based)
  • More backends
  • Possible remove dependance on bcrypt