session

package
v0.0.0-...-d7376be Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 28, 2016 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source
const SESSIONKEY = "_VertoSession"

SESSIONKEY is the constant name used to denote both the verto session cookie and the session injection

Variables

View Source
var ErrBadHMAC = errors.New("Mis-matched HMAC")

ErrBadHMAC is returned by DecryptCookie when the HMAC read from the cookie does not match the HMAC calculated from its contents

View Source
var ErrCipherTooShort = errors.New("Cipher text is too short")

ErrCipherTooShort is returned by DecryptCookie when performing decryption and the cipher text is too short to be valid

View Source
var ErrMissingKey = errors.New("Missing required hashKey argument")

ErrMissingKey is returned by NewSecureCookie and DecryptCookie if the hashKey parameter is missing

Functions

func DecryptCookie

func DecryptCookie(cookie *http.Cookie, hashKey, encryptKey []byte) (*http.Cookie, error)

DecryptCookie attempts to use hashKey and encryptKey to decrypt the value of the passed in cookie and return a read-only decrypted http.Cookie. The hashKey and encryptKey should match those used to encrypt the cookie originally. hashKey must not be nil or this function will return ErrMissingKey. An err is also returned if there was an issue performing decryption on the cookie or if the calculated MAC doesn't match the one stored in the cookie.

func NewSecureCookie

func NewSecureCookie(cookie *http.Cookie, hashKey, encryptKey []byte) (*http.Cookie, error)

NewSecureCookie returns a clone of the original cookie with the value encoded with a calculated MAC. If encryptKey is not nil, encryption will be performed on the value as well. hashKey must not be nil or ErrMissingKey will be returned. An is also returned in the case that encryption fails

Types

type CookieSession

type CookieSession struct {
	// contains filtered or unexported fields
}

CookieSession is an implementation of the Session interface using secure cookies as the backing store. CookieSession is thread safe

func (*CookieSession) Clear

func (s *CookieSession) Clear()

Clear clears all data from the session instance. Calling clear and then flush will expire any cookies related to the session instance

func (*CookieSession) Del

func (s *CookieSession) Del(key interface{})

Del deletes a key-value association from the sesion instance

func (*CookieSession) Flush

func (s *CookieSession) Flush() error

Flush writes any session data to the cookie backing store. Flush should only be called at the end of the request chain. If there is no data in the session instance, Flush will delete any associated cookies. Otherwise, the data will be marshalled and encoded into a secure cookie with the parameters set by the CookieSessionFactory that spawned the session instance

func (*CookieSession) Get

func (s *CookieSession) Get(key interface{}) interface{}

Get retrieves the data associated with the key or nil if no such association exists

func (*CookieSession) Set

func (s *CookieSession) Set(key, value interface{})

Set sets a key-value association for the session instance. If a previous association exists, it is overwritten

type CookieSessionFactory

type CookieSessionFactory struct {
	// HashKey used to create an HMAC for the secure cookie
	// backing store. This field is required.
	HashKey []byte

	// EncryptKey is an optional key used to cryptographically
	// encrypt the contents of the secure cookie. If no
	// EncryptKey is provided, no encryption is done on the
	// secure cookie
	EncryptKey []byte

	// The below fields correspond to the fields within http.Cookie
	Path     string
	Domain   string
	Expires  time.Time
	MaxAge   int
	Secure   bool
	HttpOnly bool
}

CookieSessionFactory is an implementation of SessionFactory that creates Session instances backed by secure cookies.

func (*CookieSessionFactory) Create

Create instantiates a CookieSession from the passed in http.Request and writes out to the passed in http.ResponseWriter. If the request contains an existing session cookie, the cookie will be decrypted and the contents stored in the generated session. If cookie decryption fails, the session data will be empty

type Factory

type Factory interface {
	Create(w http.ResponseWriter, r *http.Request) Session
}

Factory is an interface for creating Session instances from an http request

type Session

type Session interface {
	// Get retrieves the session value associated with
	// the passed in key or nil if no such value exists
	Get(key interface{}) interface{}

	// Set sets a key-value association for a session
	// instance. If an old association exists, it is
	// overwritten
	Set(key, value interface{})

	// Del deletes a key-value association from the session
	// instance
	Del(key interface{})

	// Clear clears a session instance of all data.
	Clear()

	// Flush writes session data to the backing store
	// for the session instance. Any errors encountered
	// writing session data are returned
	Flush() error
}

Session is an interface for interacting with session data. Session implementations must be thread-safe

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL