Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

http sessions stored in encrypted cookies for Go

tree: 53d14ee55c

Fetching latest commit…


Cannot retrieve the latest commit at this time

Octocat-spinner-32 example
Octocat-spinner-32 .gitignore
Octocat-spinner-32 LICENSE
Octocat-spinner-32 Makefile
Octocat-spinner-32 doc.go
Octocat-spinner-32 seshcookie.go
Octocat-spinner-32 seshcookie_test.go

seshcookie - cookie-based sessions for Go

seshcookie allows you to associate session-state with http requests while allowing your server to remain stateless. Because session-state is transferred as part of the HTTP request, state can be maintained seamlessly between server-restarts or load balancing. It's inspired by Beaker, which provides a similar service for Python webapps. The cookies are AES encrypted in CTR mode, with the key derived from a user-specified string.


Perhaps the simplest example would be a handler which returns different content based on if the user has been to the site before or not:

package main

import (

type VisitedHandler struct{}

func (h *VisitedHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
    if req.URL.Path != "/" {

    session := seshcookie.Session.Get(req)

    count, _ := session["count"].(int)
    count += 1
    session["count"] = count

    rw.Header().Set("Content-Type", "text/plain")
    if count == 1 {
        rw.Write([]byte("this is your first visit, welcome!"))
    } else {
        rw.Write([]byte(fmt.Sprintf("page view #%d", count)))

func main() {
    key := "session key, preferably a sequence of data from /dev/urandom"
    http.Handle("/", seshcookie.NewSessionHandler(

    if err := http.ListenAndServe(":8080", nil); err != nil {
        log.Fatal("ListenAndServe:", err)

There is a more detailed example in example/ which uses seshcookie to enforce authentication for a particular resource. In particular, it shows how you can embed (or stack) multiple http.Handlers to get the behavior you want.


seshcookie is offered under the MIT license, see LICENSE for details.

Something went wrong with that request. Please try again.