session

v0.0.0-...-9b82291 Latest
Warning

This package is not in the latest version of its module.
Published: Nov 4, 2014 License: MIT Imports: 10 Imported by: 0

README

GO Encrypted Token Session

goETS is an implementation of the Encrypted Token Pattern Session written for Negroni middleware.

Usage

Options
- MaxAge   - the maximum time, in seconds, that a session token is valid
- CryptKey - the secret 256-bit AES key

Examples

General Example
	// Setting up the session options
	var sOpt = new(session.Options)
	
	// Set the max age of the session in seconds
	sOpt.MaxAge = 30 * 60 // 30min * 60 sec/min
	
	// This is only a test key, the key needs to be secret.
	sOpt.CryptKey = []byte("n+D+LpWrHpjzhe4HyPdALAbwrB4vk1WV")

	n := negroni.Classic()

	// Using the session middleware in Negroni
	n.Use(session.NewSession(sOpt))
Setting Session
	context.Set(req, session.CONTEXT_KEY, "1")
Clearing Session
	context.Set(req, session.CONTEXT_KEY, "")
Retrieving session
	sesStr := context.Get(req, session.CONTEXT_KEY).(string)

Documentation

Overview

goETS is a session management middleware that does not require a database call to check the session. It implements the Encrypted Token Pattern, which helps prevent CSRF. More information about the Encrypted Token Pattern can be found at: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Encrypted_Token_Pattern
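
The following is an added sketch of the Encrypted Token Pattern described above, not goETS's own code. The package's token layout is unexported, so the format used here (nonce, then AES-256-GCM ciphertext of an 8-byte issue time followed by the session id) and the names newAEAD, seal and open are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"time"
)

func newAEAD(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // cannot fail: [32]byte is always a valid AES-256 key
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has the 128-bit block GCM requires
	return aead
}

// seal encrypts issue time + session id (assumed layout, not goETS's) under a fresh nonce.
func seal(aead cipher.AEAD, id string, issued time.Time) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain := append(binary.BigEndian.AppendUint64(nil, uint64(issued.Unix())), id...)
	return base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, plain, nil)), nil
}

// open authenticates the token, then enforces maxAge (seconds) with no server-side lookup.
func open(aead cipher.AEAD, token string, maxAge int64, now time.Time) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < aead.NonceSize() {
		return "", fmt.Errorf("malformed token")
	}
	plain, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	if err != nil || len(plain) < 8 {
		return "", fmt.Errorf("token failed authentication")
	}
	age := now.Unix() - int64(binary.BigEndian.Uint64(plain))
	if age < 0 || age > maxAge {
		return "", fmt.Errorf("token expired or issued in the future")
	}
	return string(plain[8:]), nil
}

func main() {
	aead := newAEAD([32]byte{}) // all-zero key is a constructed demo value; use crypto/rand bytes
	tok, _ := seal(aead, "1", time.Now())
	fmt.Println(open(aead, tok, 30*60, time.Now())) // MaxAge of 30 minutes, as in the README
}
```

Because the issue time sits inside the authenticated ciphertext, a client cannot extend a token's lifetime, and the server needs only the key to validate it.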

Constants

const CONTEXT_KEY string = "session_id"
const KeySize = 32

KeySize is the size of AES-256-GCM keys in bytes.

Variables

This section is empty.

Functions

This section is empty.

Types

type Options

type Options struct {
	MaxAge   int64
	CryptKey []byte
}

type Session

type Session struct {
	// contains filtered or unexported fields
}
Example (NegroniMiddleware)

Demonstrates the general usage of this package with Negroni.

// Setting up the session options
var sOpt = new(session.Options)
// Set the max age of the session in seconds
sOpt.MaxAge = 30 * 60 // 30min * 60 sec/min
// This is only a test key, the key needs to be secret.
sOpt.CryptKey = []byte("n+D+LpWrHpjzhe4HyPdALAbwrB4vk1WV")

n := negroni.Classic()

// Using the session middleware in Negroni
n.Use(session.NewSession(sOpt))

mux := http.NewServeMux()

mux.HandleFunc("/setSession", func(w http.ResponseWriter, req *http.Request) {
	// Setting the session on an individual request, if you do not modify the
	// session it will retain its settings for the request
	context.Set(req, session.CONTEXT_KEY, "1")
})

mux.HandleFunc("/getSession", func(w http.ResponseWriter, req *http.Request) {
	// Retrieving the session unique identifier
	_ = context.Get(req, session.CONTEXT_KEY).(string)
})

// Attach the routes so each request passes through the session middleware first
n.UseHandler(mux)

func NewSession

func NewSession(opt *Options) *Session

NewSession is used in the creation of the Negroni middleware.

func (*Session) ServeHTTP

func (s *Session) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)

ServeHTTP is an HTTP server handler for the middleware; it handles the session data and stores the session id in the context.
