Documentation
Overview
goETS is a session management middleware that checks the session without a database call and implements the Encrypted Token Pattern, which helps prevent CSRF. More information about the Encrypted Token Pattern can be found at: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Encrypted_Token_Pattern
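The pattern described above, as an added example that is not goETS's own code: a session ID and its expiry are sealed with AES-256-GCM under a KeySize-byte key, so a request can be checked for tampering and age with no database lookup. The token layout (8-byte expiry followed by the ID, nonce prepended, base64url-encoded) and the names NewAEAD, Seal and Open are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"time"
)

const KeySize = 32 // AES-256-GCM key size in bytes, matching the page's constant

// NewAEAD builds AES-256-GCM, rejecting any key that is not KeySize bytes.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != KeySize {
		return nil, fmt.Errorf("got %d-byte key, want %d", len(key), KeySize)
	}
	block, _ := aes.NewCipher(key) // cannot fail: length was checked above
	return cipher.NewGCM(block)
}
// Seal encrypts expiry||id under a fresh random nonce (layout assumed here).
func Seal(a cipher.AEAD, id string, maxAge time.Duration, now time.Time) string {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never issue a token without fresh randomness
	}
	plain := binary.BigEndian.AppendUint64(nil, uint64(now.Add(maxAge).Unix()))
	return base64.RawURLEncoding.EncodeToString(a.Seal(nonce, nonce, append(plain, id...), nil))
}
// Open authenticates and decrypts a token, then enforces expiry; no DB lookup.
func Open(a cipher.AEAD, token string, now time.Time) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < a.NonceSize() {
		return "", fmt.Errorf("malformed token")
	}
	plain, err := a.Open(nil, raw[:a.NonceSize()], raw[a.NonceSize():], nil)
	if err != nil || len(plain) < 8 {
		return "", fmt.Errorf("token failed authentication")
	}
	if now.Unix() >= int64(binary.BigEndian.Uint64(plain[:8])) {
		return "", fmt.Errorf("token expired")
	}
	return string(plain[8:]), nil
}
func main() {
	a, _ := NewAEAD([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	fmt.Println(Open(a, Seal(a, "1", 30*time.Minute, time.Now()), time.Now()))
}
```

Because the expiry sits inside the authenticated ciphertext, a client cannot extend a session by editing the token; revoking a session early still requires rotating the key or keeping server-side state.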
Constants
const CONTEXT_KEY string = "session_id"
const KeySize = 32
KeySize is the size of AES-256-GCM keys in bytes.
Variables
This section is empty.
Functions
This section is empty.
Types
type Session
type Session struct {
// contains filtered or unexported fields
}
Example (NegroniMiddleware)
Demonstrates the general usage of this package with negroni.
// Setting up the session options
var sOpt = new(session.Options)

// Set the max age of the session in seconds
sOpt.MaxAge = 30 * 60 // 30min * 60 sec/min

// This is only a test key, the key needs to be secret.
sOpt.CryptKey = []byte("n+D+LpWrHpjzhe4HyPdALAbwrB4vk1WV")

n := negroni.Classic()

// Using the session middleware in Negroni
n.Use(session.NewSession(sOpt))

mux := http.NewServeMux()

mux.HandleFunc("/setSession", func(w http.ResponseWriter, req *http.Request) {
	// Setting the session on an individual request, if you do not modify the
	// session it will retain its settings for the request
	context.Set(req, session.CONTEXT_KEY, "1")
})

mux.HandleFunc("/getSession", func(w http.ResponseWriter, req *http.Request) {
	// Retrieving the session unique identifier
	_ = context.Get(req, session.CONTEXT_KEY).(string)
})
func NewSession
NewSession is used in the creation of the Negroni middleware.
func (*Session) ServeHTTP
func (s *Session) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)
ServeHTTP is an HTTP server handler for the middleware; it handles the session data and stores the session ID in the context.