security.v0: Index | Files

package session

import ""

Package session provides HTTP state management library for aah framework. Default store is `Cookie` and framework provides `FileStore` and extensible `session.Storer` interface. Using store interface you can write any key-value Database, NoSQL Database, and RDBMS for storing encoded session data.


- Extensible session store interface
- Signed session data
- Encrypted session data

Non-cookie store session data is maintained via store interface. Only Session ID is transmitted over the wire in the Cookie. Please refer `session.FileStore` for sample, its very easy.

If you would like to store custom types in session then Register your custom types using `gob.Register(...)`.

Secure cookie code is inspired from Gorilla secure cookie library.

Know more:


Package Files

encode.go file_store.go manager.go session.go util.go


var (
    // ErrSessionStoreIsNil returned when suppiled store is nil.
    ErrSessionStoreIsNil = errors.New("security/session: store value is nil")

func AddStore Uses

func AddStore(name string, store Storer) error

AddStore method allows you to add user created session store for aah framework application.

func ReleaseSession Uses

func ReleaseSession(s *Session)

ReleaseSession method puts session object back to pool.

type FileStore Uses

type FileStore struct {
    // contains filtered or unexported fields

FileStore is the aah framework session store implementation.

func (*FileStore) Cleanup Uses

func (f *FileStore) Cleanup(m *Manager)

Cleanup method deletes the expired session file.

func (*FileStore) Delete Uses

func (f *FileStore) Delete(id string) error

Delete method deletes the session file for given id.

func (*FileStore) Init Uses

func (f *FileStore) Init(cfg *config.Config) error

Init method initialize the file store using given application config.

func (*FileStore) IsExists Uses

func (f *FileStore) IsExists(id string) bool

IsExists method returns true if the session file exists otherwise false.

func (*FileStore) Read Uses

func (f *FileStore) Read(id string) string

Read method reads the encoded cookie value from file.

func (*FileStore) Save Uses

func (f *FileStore) Save(id, value string) error

Save method saves the given session id with encoded cookie value.

type Manager Uses

type Manager struct {
    // contains filtered or unexported fields

Manager is a session manager to manage sessions.

func NewManager Uses

func NewManager(appCfg *config.Config) (*Manager, error)

NewManager method initializes the session manager and store based on configuration from aah.conf section `session { ... }`.

func (*Manager) Decode Uses

func (m *Manager) Decode(value string, dst interface{}) error

Decode method decodes given value with name.

It performs:

1) Decrypts the value (size check, decode base64, sign verify, timestamp verify, decrypt)
2) Decode into result object using `Gob`

func (*Manager) DecodeToSession Uses

func (m *Manager) DecodeToSession(encodedStr string) (*Session, error)

DecodeToSession method decodes the encoded string into session object.

func (*Manager) DecodeToString Uses

func (m *Manager) DecodeToString(encodedStr string) (string, error)

DecodeToString method decodes the encoded string into original string.

func (*Manager) DeleteSession Uses

func (m *Manager) DeleteSession(w http.ResponseWriter, s *Session) error

DeleteSession method deletes the session from store and sets deletion for browser cookie.

func (*Manager) Encode Uses

func (m *Manager) Encode(value interface{}) (string, error)

Encode method encodes given value with name.

It performs:

1) Encodes the value using `Gob`
2) Encodes value into Base64 (encrypt, sign, cookie size check)

func (*Manager) GetSession Uses

func (m *Manager) GetSession(r *http.Request) *Session

GetSession method returns the session for given request instance otherwise it returns nil.

func (*Manager) IsCookieStore Uses

func (m *Manager) IsCookieStore() bool

IsCookieStore method returns true if session store is cookie otherwise false.

func (*Manager) IsStateful Uses

func (m *Manager) IsStateful() bool

IsStateful methdo returns true if session mode is stateful otherwise false.

func (*Manager) NewSession Uses

func (m *Manager) NewSession() *Session

NewSession method creates a new session for the request.

func (*Manager) SaveSession Uses

func (m *Manager) SaveSession(w http.ResponseWriter, s *Session) error

SaveSession method saves the given session into store. Add writes the cookie into response.

type Session Uses

type Session struct {
    // ID method return session ID. It is dynamically generated while new session
    // creation. ID length is 32.
    //Note: Do not use this value for any/derving user relation, not recommended.
    ID  string

    // Values is values that stored in session object.
    Values map[string]interface{}

    // IsNew indicates whether sesison is newly created or restore from the
    // request which was already created.
    IsNew bool

    // IsAuthenticated is helpful to identify user session already authenicated or
    // not. Don't forget to set it true after successful authentication.
    IsAuthenticated bool

    // CreatedTime is when the session was created.
    CreatedTime *time.Time
    // contains filtered or unexported fields

Session hold the information for particular HTTP request.

func (*Session) Clear Uses

func (s *Session) Clear()

Clear method marks the session for deletion. It triggers the deletion at the end of the request for cookie and session store data.

func (*Session) Del Uses

func (s *Session) Del(key string)

Del method deletes the value for the given key if exists.

func (*Session) Get Uses

func (s *Session) Get(key string) interface{}

Get method returns the value for given key otherwise nil.

func (*Session) GetBool Uses

func (s *Session) GetBool(key string) bool

GetBool method returns the `bool` value from otherwise false.

func (*Session) GetFlash Uses

func (s *Session) GetFlash(key string) interface{}

GetFlash method returns the flash messages from the session object and deletes it from session.

func (*Session) GetFloat32 Uses

func (s *Session) GetFloat32(key string) float32

GetFloat32 method returns the `float32` value from session otherwise 0.

func (*Session) GetFloat64 Uses

func (s *Session) GetFloat64(key string) float64

GetFloat64 method returns the `float64` value from session otherwise 0.

func (*Session) GetInt Uses

func (s *Session) GetInt(key string) int

GetInt method returns the `int` value from session otherwise 0.

func (*Session) GetInt64 Uses

func (s *Session) GetInt64(key string) int64

GetInt64 method returns the `int64` value from session otherwise 0.

func (*Session) GetString Uses

func (s *Session) GetString(key string) string

GetString method returns the `string` value from session otherwise empty string.

func (*Session) IsKeyExists Uses

func (s *Session) IsKeyExists(key string) bool

IsKeyExists method returns true if given key is exists in session object otherwise false.

func (*Session) Reset Uses

func (s *Session) Reset()

Reset method resets the instance values for repurpose.

func (*Session) Set Uses

func (s *Session) Set(key string, value interface{})

Set method set the value for the given key, if key already exists it updates the value.

Note: For any complex/custom structure you would like to store in session. Please register those types using `gob.Register(...)`.

func (*Session) SetFlash Uses

func (s *Session) SetFlash(key string, value interface{})

SetFlash method adds flash message into session object.

func (Session) String Uses

func (s Session) String() string

String method is stringer interface implementation.

type Storer Uses

type Storer interface {
    Init(appCfg *config.Config) error
    Read(id string) string
    Save(id, value string) error
    Delete(id string) error
    IsExists(id string) bool
    Cleanup(m *Manager)

Storer is interface for implementing pluggable storage implementation.

Package session imports 15 packages (graph) and is imported by 4 packages. Updated 2018-08-15. Refresh now. Tools for package owners.