Documentation ¶
Index ¶
Constants ¶
const SESSIONKEY = "_VertoSession"
SESSIONKEY is the constant name used to denote both the verto session cookie and the session injection
Variables ¶
var ErrBadHMAC = errors.New("Mis-matched HMAC")
ErrBadHMAC is returned by DecryptCookie when the HMAC read from the cookie does not match the HMAC calculated from its contents
var ErrCipherTooShort = errors.New("Cipher text is too short")
ErrCipherTooShort is returned by DecryptCookie when performing decryption and the cipher text is too short to be valid
var ErrMissingKey = errors.New("Missing required hashKey argument")
ErrMissingKey is returned by NewSecureCookie and DecryptCookie if the hashKey parameter is missing
Functions ¶
func DecryptCookie ¶
DecryptCookie attempts to use hashKey and encryptKey to decrypt the value of the passed in cookie and return a read-only decrypted http.Cookie. The hashKey and encryptKey should match those used to encrypt the cookie originally. hashKey must not be nil or this function will return ErrMissingKey. An err is also returned if there was an issue performing decryption on the cookie or if the calculated MAC doesn't match the one stored in the cookie.
func NewSecureCookie ¶
NewSecureCookie returns a clone of the original cookie with the value encoded with a calculated MAC. If encryptKey is not nil, encryption will be performed on the value as well. hashKey must not be nil or ErrMissingKey will be returned. An is also returned in the case that encryption fails
Types ¶
type CookieSession ¶
type CookieSession struct {
// contains filtered or unexported fields
}
CookieSession is an implementation of the Session interface using secure cookies as the backing store. CookieSession is thread safe
func (*CookieSession) Clear ¶
func (s *CookieSession) Clear()
Clear clears all data from the session instance. Calling clear and then flush will expire any cookies related to the session instance
func (*CookieSession) Del ¶
func (s *CookieSession) Del(key interface{})
Del deletes a key-value association from the sesion instance
func (*CookieSession) Flush ¶
func (s *CookieSession) Flush() error
Flush writes any session data to the cookie backing store. Flush should only be called at the end of the request chain. If there is no data in the session instance, Flush will delete any associated cookies. Otherwise, the data will be marshalled and encoded into a secure cookie with the parameters set by the CookieSessionFactory that spawned the session instance
func (*CookieSession) Get ¶
func (s *CookieSession) Get(key interface{}) interface{}
Get retrieves the data associated with the key or nil if no such association exists
func (*CookieSession) Set ¶
func (s *CookieSession) Set(key, value interface{})
Set sets a key-value association for the session instance. If a previous association exists, it is overwritten
type CookieSessionFactory ¶
type CookieSessionFactory struct { // HashKey used to create an HMAC for the secure cookie // backing store. This field is required. HashKey []byte // EncryptKey is an optional key used to cryptographically // encrypt the contents of the secure cookie. If no // EncryptKey is provided, no encryption is done on the // secure cookie EncryptKey []byte // The below fields correspond to the fields within http.Cookie Path string Domain string Expires time.Time MaxAge int Secure bool HttpOnly bool }
CookieSessionFactory is an implementation of SessionFactory that creates Session instances backed by secure cookies.
func (*CookieSessionFactory) Create ¶
func (factory *CookieSessionFactory) Create(w http.ResponseWriter, r *http.Request) Session
Create instantiates a CookieSession from the passed in http.Request and writes out to the passed in http.ResponseWriter. If the request contains an existing session cookie, the cookie will be decrypted and the contents stored in the generated session. If cookie decryption fails, the session data will be empty
type Factory ¶
type Factory interface {
Create(w http.ResponseWriter, r *http.Request) Session
}
Factory is an interface for creating Session instances from an http request
type Session ¶
type Session interface { // Get retrieves the session value associated with // the passed in key or nil if no such value exists Get(key interface{}) interface{} // Set sets a key-value association for a session // instance. If an old association exists, it is // overwritten Set(key, value interface{}) // Del deletes a key-value association from the session // instance Del(key interface{}) // Clear clears a session instance of all data. Clear() // Flush writes session data to the backing store // for the session instance. Any errors encountered // writing session data are returned Flush() error }
Session is an interface for interacting with session data. Session implementations must be thread-safe