Package gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.
Clone or download
secracon and elithrar Use golang context pkg instead of gorilla/context to fix memory leaks (
…#175)

* - use golang context pkg instead of gorilla/context to fix memory leaks
* - add test case for checking request context content upon shallow copy
* - update docs, readme.md and travis.yml
Latest commit 12bd476 Dec 8, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update and rename stale to stale.yml (#177) Dec 8, 2018
.travis.yml Use golang context pkg instead of gorilla/context to fix memory leaks ( Dec 8, 2018
AUTHORS Add AUTHORS file; update LICENSE (#158) Jun 6, 2018
LICENSE Add AUTHORS file; update LICENSE (#158) Jun 6, 2018
README.md Use golang context pkg instead of gorilla/context to fix memory leaks ( Dec 8, 2018
cookie.go Set http.Cookie's SameSite field in NewCookie for Go 1.11 or later Sep 28, 2018
cookie_go111.go Set http.Cookie's SameSite field in NewCookie for Go 1.11 or later Sep 28, 2018
cookie_go111_test.go Don't use t.Run in tests, not supported in earlier Go versions Sep 28, 2018
cookie_test.go Don't use t.Run in tests, not supported in earlier Go versions Sep 28, 2018
doc.go Use golang context pkg instead of gorilla/context to fix memory leaks ( Dec 8, 2018
go.mod Run go mod tidy Oct 15, 2018
lex.go [refactor] gofmt on lex.go to fix import block. Feb 26, 2016
options.go Adds support for SameSite cookie attribute (#165) Sep 3, 2018
options_go111.go Adds support for SameSite cookie attribute (#165) Sep 3, 2018
sessions.go Use golang context pkg instead of gorilla/context to fix memory leaks ( Dec 8, 2018
sessions_test.go Use golang context pkg instead of gorilla/context to fix memory leaks ( Dec 8, 2018
store.go [docs] Improve advice around key generation & usage. (#168) Sep 13, 2018
store_test.go Add missing error check (#123) Oct 8, 2017

README.md

sessions

GoDoc Build Status Sourcegraph

gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

The key features are:

  • Simple API: use it as an easy way to set signed (and optionally encrypted) cookies.
  • Built-in backends to store sessions in cookies or the filesystem.
  • Flash messages: session values that last until read.
  • Convenient way to switch session persistency (aka "remember me") and set other attributes.
  • Mechanism to rotate authentication and encryption keys.
  • Multiple sessions per request, even using different backends.
  • Interfaces and infrastructure for custom session backends: sessions from different stores can be retrieved and batch-saved using a common API.

Let's start with an example that shows the sessions API in a nutshell:

	import (
		"net/http"
		"github.com/gorilla/sessions"
	)

	// Note: Don't store your key in your source code. Pass it via an
	// environmental variable, or flag (or both), and don't accidentally commit it
	// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
	// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
	var store = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))

	func MyHandler(w http.ResponseWriter, r *http.Request) {
		// Get a session. We're ignoring the error resulted from decoding an
		// existing session: Get() always returns a session, even if empty.
		session, _ := store.Get(r, "session-name")
		// Set some session values.
		session.Values["foo"] = "bar"
		session.Values[42] = 43
		// Save it before we write to the response/return from the handler.
		session.Save(r, w)
	}

First we initialize a session store calling NewCookieStore() and passing a secret key used to authenticate the session. Inside the handler, we call store.Get() to retrieve an existing session or create a new one. Then we set some session values in session.Values, which is a map[interface{}]interface{}. And finally we call session.Save() to save the session in the response.

More examples are available on the Gorilla website.

Store Implementations

Other implementations of the sessions.Store interface:

License

BSD licensed. See the LICENSE file for details.