Skip to content
/ sessions Public

Minimalist Go sessions with a secure cookie Store implementation

License

MIT license
26 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dghubble/sessions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github
.github
 
 
CHANGES.md
CHANGES.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
cookie.go
cookie.go
 
 
doc.go
doc.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
sessions.go
sessions.go
 
 
store.go
store.go
 
 

Repository files navigation

sessions

GoDoc Workflow Sponsors Mastodon

Package sessions provides minimalist Go sessions, backed by securecookie or database stores.

Features

  • Store provides an interface for managing a user Session
    • May be implemented by custom session database backends
  • Session stores a typed value (via generics)
  • Session provides convenient key/value Set, Get, and GetOk methods
  • NewCookieStore implements a Store backed by client-side cookies (signed and optionally encrypted)

Docs

Read GoDoc

Usage

Create a Store for managing Session's. NewCookieStore returns a Store that signs and optionally encrypts cookies to support user sessions.

A Session stores a map of key/value pairs (e.g. "userID": "a1b2c3"). Starting with v0.4.0, sessions uses Go generics to allow specifying a type for stored values. Previously, values were type interface{} or any, which required type assertions.

import (
  "github.com/dghubble/sessions"
)

func NewServer() (http.Handler) {
  ...
  // client-side cookies
  store := sessions.NewCookieStore[string](
    sessions.DefaultCookieConfig,
    // use a 32 byte or 64 byte hash key
    []byte("signing-secret"),
    // use a 32 byte (AES-256) encryption key
    []byte("encryption-secret")
  )
  ...
  server.sessions = store
}

Issue a session cookie from a handler (e.g. login handler).

func (s server) Login() http.Handler {
  fn := func(w http.ResponseWriter, req *http.Request) {
    // create a session
    session := s.sessions.New("my-app")
    // add user-id to session
    session.Set("user-id", "a1b2c3")
    // save the session to the response
    if err := session.Save(w); err != nil {
      // handle error
    }
    ...
  }
  return http.HandlerFunc(fn)
}

Access the session and its values (e.g. require authentication).

func (s server) RequireLogin() http.Handler {
  fn := func(w http.ResponseWriter, req *http.Request) {
    session, err := s.sessions.Get("my-app")
    if err != nil {
      http.Error(w, "missing session", http.StatusUnauthorized)
      return
    }

    userID, present := session.GetOk("user-id")
    if !present {
      http.Error(w, "missing user-id", http.StatusUnauthorized)
      return
    }

    fmt.Fprintf(w, `<p>Welcome %d!</p>
    <form action="/logout" method="post">
    <input type="submit" value="Logout">
    </form>`, userID)
  }
  return http.HandlerFunc(fn)
}

Delete a session when a user logs out.

func (s server) Logout() http.Handler {
  fn := func(w http.ResponseWriter, req *http.Request) {
    if req.Method == "POST" {
      s.sessions.Destroy(w, "my-app")
    }
    http.Redirect(w, req, "/", http.StatusFound)
  }
  return http.HandlerFunc(fn)
}

License

MIT License

About

Minimalist Go sessions with a secure cookie Store implementation

Resources

Readme

License

MIT license
Activity

Stars

26 stars

Watchers

4 watching

Forks

7 forks
Report repository

Releases 7

v0.4.1 Latest
Feb 26, 2024
+ 6 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages