session

Version: v0.2.1 (Latest)
This package is not in the latest version of its module.
Published: Jun 5, 2023 | License: MIT | Imports: 8 | Imported by: 3

README

Basic HTTP sessions with a nice interface.

Documentation

Overview

Package session provides a convenient way to store session data (such as a user ID) securely in a web browser cookie or other authentication token. Cookie values generated by this package use modern authenticated encryption, so they can't be inspected or altered by client processes.

Most users of this package will use functions Set and Get, which manage cookies directly. An analogous pair of functions, Encode and Decode, help when the session data will be stored somewhere other than a browser cookie; for example, an API token configured by hand in an API client process.

Constants

This section is empty.

Variables

var DefaultCookie = http.Cookie{
	Name:     "session",
	Path:     "/",
	MaxAge:   100 * 365 * 24 * 60 * 60,
	Secure:   true,
	HttpOnly: true,
	SameSite: http.SameSiteLaxMode,
}

DefaultCookie documents the Cookie settings used by functions in this package when Config.Cookie is nil.

Changes to DefaultCookie will not affect the behavior of this package. It is only for documentation.

Functions

func Decode

func Decode(token string, v interface{}, config *Config) error

Decode decodes the encrypted token into v. See encoding/json for decoding behavior.

func Encode

func Encode(v interface{}, config *Config) (string, error)

Encode encodes a token set to expire after config.Cookie.MaxAge. This is intended to be used with Decode. If using sessions, you probably want to use Set. See encoding/json for encoding behavior.

func Get

func Get(req *http.Request, v interface{}, config *Config) error

Get decodes a session from req into v. See encoding/json for decoding behavior.

Non-nil error values indicate that no valid session was present in req. Typically, the specific error information is useful only for debugging. In an ordinary production setting, any non-nil error should be treated simply as an unauthenticated request (e.g. a fresh visitor who hasn't logged in yet).

func Set

func Set(w http.ResponseWriter, v interface{}, config *Config) error

Set encodes a session from v into a cookie on w. See encoding/json for encoding behavior.

Types

type Config

type Config struct {
	// Keys is used to encrypt and decrypt sessions.
	//
	// Sessions are encrypted to all keys to facilitate
	// seamless key rotation. As long as there is an overlap
	// between the sets of keys on two servers, sessions can
	// be encrypted and decrypted on either server.
	//
	// Overhead (after base64) is about 266 bytes per key.
	//
	// See filippo.io/age.
	Keys []*age.X25519Identity

	// Cookie controls encoding and decoding cookies, as in
	// net/http, except that Cookie.Value is ignored.
	// (The cookie value is provided by Set.)
	//
	// If Cookie is nil, DefaultCookie is used.
	Cookie *http.Cookie
}
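
The key-rotation behaviour described in the Keys comment, as an added sketch that is not this package's code: a session encrypted to every key on one server decrypts on any server whose key set overlaps, and fails everywhere else. It assumes AES-256-GCM from the standard library as a stand-in for age's X25519 recipients; encryptToAll, decryptWithAny and the sample keys are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aead returns AES-256-GCM, a stdlib stand-in for the age encryption the package uses.
func aead(k [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // cannot fail: 32 bytes is a valid AES-256 key
	g, _ := cipher.NewGCM(block)
	return g
}

// encryptToAll seals the session once per key in the encoding server's key set.
func encryptToAll(session []byte, keys ...[32]byte) (boxes [][]byte) {
	for _, k := range keys {
		nonce := make([]byte, 12)
		rand.Read(nonce)
		boxes = append(boxes, aead(k).Seal(nonce, nonce, session, nil))
	}
	return boxes
}

// decryptWithAny succeeds only if some local key opens some box (the key sets overlap).
func decryptWithAny(boxes [][]byte, keys ...[32]byte) ([]byte, error) {
	for _, k := range keys {
		for _, b := range boxes {
			if len(b) < 12 {
				continue
			}
			if plain, err := aead(k).Open(nil, b[:12], b[12:], nil); err == nil {
				return plain, nil
			}
		}
	}
	return nil, errors.New("no valid session") // caller treats this as unauthenticated
}

func main() {
	oldKey, newKey, other := [32]byte{1}, [32]byte{2}, [32]byte{3} // constructed sample keys
	tok := encryptToAll([]byte(`{"uid":42}`), oldKey, newKey)      // server A, mid-rotation
	_, errB := decryptWithAny(tok, newKey)                         // server B: shares newKey
	_, errC := decryptWithAny(tok, other)                          // server C: no shared key
	fmt.Println("B:", errB, "C:", errC)
}
```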