Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

seshcookie - cookie-based sessions for Go

Build Status GoDoc cover.run Go Report Card

seshcookie enables you to associate session-state with HTTP requests while keeping your server stateless. Because session-state is transferred as part of the HTTP request (in a cookie), state can be seamlessly maintained between server restarts or load balancing. It's inspired by Beaker, which provides a similar service for Python webapps. The cookies are authenticated and encrypted (using AES-GCM) with a key derived from a string provided to the NewHandler function. This makes seshcookie reliable and secure: session contents are opaque to users and not able to be manipulated or forged by third parties.

examples

The simple example below returns different content based on whether the user has visited the site before or not:

package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/bpowers/seshcookie"
)

type VisitedHandler struct{}

func (h *VisitedHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	if req.URL.Path != "/" {
		return
	}

	session := seshcookie.GetSession(req.Context())

	count, _ := session["count"].(int)
	count++
	session["count"] = count

	rw.Header().Set("Content-Type", "text/plain")
	rw.WriteHeader(200)
	if count == 1 {
		rw.Write([]byte("this is your first visit, welcome!"))
	} else {
		rw.Write([]byte(fmt.Sprintf("page view #%d", count)))
	}
}

func main() {
	key := "session key, preferably a sequence of data from /dev/urandom"
	http.Handle("/", seshcookie.NewHandler(
		&VisitedHandler{},
		key,
		&seshcookie.Config{HTTPOnly: true, Secure: false}))

	if err := http.ListenAndServe(":8080", nil); err != nil {
		log.Fatalf("ListenAndServe: %s", err)
	}
}

There is a more detailed example in example/ which uses seshcookie to enforce authentication for a particular resource. In particular, it shows how you can embed (or stack) multiple http.Handlers to get the behavior you want.

license

seshcookie is offered under the MIT license, see LICENSE for details.

About

http sessions stored in encrypted cookies for Go

Resources

License

Packages

No packages published
You can’t perform that action at this time.