Documentation
Overview
Package session provides a convenient way to store session data (such as a user ID) securely in a web browser cookie or other authentication token. Cookie values generated by this package use modern authenticated encryption, so they can't be inspected or altered by client processes.
Most users of this package will use functions Set and Get, which manage cookies directly. An analogous pair of functions, Encode and Decode, help when the session data will be stored somewhere other than a browser cookie; for example, an API token configured by hand in an API client process.
Constants
This section is empty.
Variables
    var DefaultCookie = http.Cookie{
        Name:     "session",
        Path:     "/",
        MaxAge:   100 * 365 * 24 * 60 * 60,
        Secure:   true,
        HttpOnly: true,
        SameSite: http.SameSiteLaxMode,
    }
DefaultCookie documents the Cookie settings used by functions in this package when Config.Cookie is nil.
Changes to DefaultCookie will not affect the behavior of this package. It is only for documentation.
Functions
func Encode
Encode encodes a token set to expire after config.Cookie.MaxAge. This is intended to be used with Decode. If using sessions, you probably want to use Set. See encoding/json for encoding behavior.
func Get
Get decodes a session from req into v. See encoding/json for decoding behavior.
Non-nil error values indicate that no valid session was present in req. Typically, the specific error information is useful only for debugging. In an ordinary production setting, any non-nil error should be treated simply as an unauthenticated request (e.g. a fresh visitor who hasn't logged in yet).
Types
type Config
    type Config struct {
        // Keys is used to encrypt and decrypt sessions.
        //
        // Sessions are encrypted to all keys to facilitate
        // seamless key rotation. As long as there is an overlap
        // between the sets of keys on two servers, sessions can
        // be encrypted and decrypted on either server.
        //
        // Overhead (after base64) is about 266 bytes per key.
        //
        // See filippo.io/age.
        Keys []*age.X25519Identity

        // Cookie controls encoding and decoding cookies, as in
        // net/http, except that Cookie.Value is ignored.
        // (The cookie value is provided by Set.)
        //
        // If Cookie is nil, DefaultCookie is used.
        Cookie *http.Cookie
    }
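The key-overlap rule in the Keys comment, sketched with the standard library only as an added example (not this package's or age's code): a per-token file key is sealed once under each server key, so a server sharing at least one key can decrypt and a server sharing none cannot. SHA-256 key derivation with AES-256-GCM stands in for age's X25519 recipients; the token layout, the names aead, seal and open, and the keys are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func aead(secret, salt []byte) (cipher.AEAD, []byte) {
	k := sha256.Sum256(append(append([]byte{}, salt...), secret...)) // single-use key
	b, _ := aes.NewCipher(k[:]) // a 32-byte key never errors
	g, _ := cipher.NewGCM(b)
	return g, make([]byte, g.NonceSize()) // zero nonce: each derived key seals once
}

// seal returns {salt, body, wraps...}: a constructed format, not age's own.
func seal(payload []byte, keys [][]byte) ([][]byte, error) {
	rnd := make([]byte, 48) // 16-byte salt, then a 32-byte per-token file key
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	g, n := aead(rnd[16:], rnd[:16])
	tok := [][]byte{rnd[:16:16], g.Seal(nil, n, payload, nil)}
	for _, k := range keys { // file key sealed once per key: "encrypted to all keys"
		g, n = aead(k, rnd[:16])
		tok = append(tok, g.Seal(nil, n, rnd[16:], nil))
	}
	return tok, nil
}

func open(tok, keys [][]byte) ([]byte, error) {
	for _, k := range keys { // any local key may unwrap any copy of the file key
		for i := 2; i < len(tok); i++ {
			g, n := aead(k, tok[0])
			if fk, err := g.Open(nil, n, tok[i], nil); err == nil {
				g, n = aead(fk, tok[0])
				return g.Open(nil, n, tok[1], nil)
			}
		}
	}
	return nil, fmt.Errorf("no valid session")
}

func main() {
	tok, _ := seal([]byte(`{"uid":42}`), [][]byte{[]byte("key-old"), []byte("key-cur")})
	pt, err := open(tok, [][]byte{[]byte("key-cur"), []byte("key-new")}) // sets overlap
	fmt.Printf("%s %v\n", pt, err)
}
```

Rotating without invalidating sessions therefore means adding the new key to every server before removing the old one from any of them.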