sessions

package module

v0.0.0-...-e22b688 Latest Latest Go to latest Published: Aug 27, 2019 License: BSD-3-Clause Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kichiyaki/sessions

README ¶

sessions

gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

The key features are:

Simple API: use it as an easy way to set signed (and optionally encrypted) cookies.
Built-in backends to store sessions in cookies or the filesystem.
Flash messages: session values that last until read.
Convenient way to switch session persistency (aka "remember me") and set other attributes.
Mechanism to rotate authentication and encryption keys.
Multiple sessions per request, even using different backends.
Interfaces and infrastructure for custom session backends: sessions from different stores can be retrieved and batch-saved using a common API.

Let's start with an example that shows the sessions API in a nutshell:

	import (
		"net/http"
		"github.com/gorilla/sessions"
	)

	// Note: Don't store your key in your source code. Pass it via an
	// environmental variable, or flag (or both), and don't accidentally commit it
	// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
	// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
	var store = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))

	func MyHandler(w http.ResponseWriter, r *http.Request) {
		// Get a session. We're ignoring the error resulted from decoding an
		// existing session: Get() always returns a session, even if empty.
		session, _ := store.Get(r, "session-name")
		// Set some session values.
		session.Values["foo"] = "bar"
		session.Values[42] = 43
		// Save it before we write to the response/return from the handler.
		session.Save(r, w)
	}

First we initialize a session store calling NewCookieStore() and passing a secret key used to authenticate the session. Inside the handler, we call store.Get() to retrieve an existing session or create a new one. Then we set some session values in session.Values, which is a map[interface{}]interface{}. And finally we call session.Save() to save the session in the response.

More examples are available on the Gorilla website.

Store Implementations

Other implementations of the sessions.Store interface:

github.com/starJammer/gorilla-sessions-arangodb - ArangoDB
github.com/yosssi/boltstore - Bolt
github.com/srinathgs/couchbasestore - Couchbase
github.com/denizeren/dynamostore - Dynamodb on AWS
github.com/savaki/dynastore - DynamoDB on AWS (Official AWS library)
github.com/bradleypeabody/gorilla-sessions-memcache - Memcache
github.com/dsoprea/go-appengine-sessioncascade - Memcache/Datastore/Context in AppEngine
github.com/kidstuff/mongostore - MongoDB
github.com/srinathgs/mysqlstore - MySQL
github.com/EnumApps/clustersqlstore - MySQL Cluster
github.com/antonlindstrom/pgstore - PostgreSQL
github.com/boj/redistore - Redis
github.com/boj/rethinkstore - RethinkDB
github.com/boj/riakstore - Riak
github.com/michaeljs1990/sqlitestore - SQLite
github.com/wader/gormstore - GORM (MySQL, PostgreSQL, SQLite)
github.com/gernest/qlstore - ql
github.com/quasoft/memstore - In-memory implementation for use in unit tests
github.com/lafriks/xormstore - XORM (MySQL, PostgreSQL, SQLite, Microsoft SQL Server, TiDB)

License

BSD licensed. See the LICENSE file for details.

Documentation ¶

Overview ¶

Package sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

The key features are:

Simple API: use it as an easy way to set signed (and optionally encrypted) cookies.
Built-in backends to store sessions in cookies or the filesystem.
Flash messages: session values that last until read.
Convenient way to switch session persistency (aka "remember me") and set other attributes.
Mechanism to rotate authentication and encryption keys.
Multiple sessions per request, even using different backends.
Interfaces and infrastructure for custom session backends: sessions from different stores can be retrieved and batch-saved using a common API.

Let's start with an example that shows the sessions API in a nutshell:

import (
	"net/http"
	"github.com/gorilla/sessions"
)

// Note: Don't store your key in your source code. Pass it via an
// environmental variable, or flag (or both), and don't accidentally commit it
// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
var store = sessions.NewCookieStore(os.Getenv("SESSION_KEY"))

func MyHandler(w http.ResponseWriter, r *http.Request) {
	// Get a session. Get() always returns a session, even if empty.
	session, err := store.Get(r, "session-name")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Set some session values.
	session.Values["foo"] = "bar"
	session.Values[42] = 43
	// Save it before we write to the response/return from the handler.
	session.Save(r, w)
}

First we initialize a session store calling NewCookieStore() and passing a secret key used to authenticate the session. Inside the handler, we call store.Get() to retrieve an existing session or a new one. Then we set some session values in session.Values, which is a map[interface{}]interface{}. And finally we call session.Save() to save the session in the response.

Note that in production code, we should check for errors when calling session.Save(r, w), and either display an error message or otherwise handle it.

Save must be called before writing to the response, otherwise the session cookie will not be sent to the client.

That's all you need to know for the basic usage. Let's take a look at other options, starting with flash messages.

Flash messages are session values that last until read. The term appeared with Ruby On Rails a few years back. When we request a flash message, it is removed from the session. To add a flash, call session.AddFlash(), and to get all flashes, call session.Flashes(). Here is an example:

func MyHandler(w http.ResponseWriter, r *http.Request) {
	// Get a session.
	session, err := store.Get(r, "session-name")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Get the previous flashes, if any.
	if flashes := session.Flashes(); len(flashes) > 0 {
		// Use the flash values.
	} else {
		// Set a new flash.
		session.AddFlash("Hello, flash messages world!")
	}
	session.Save(r, w)
}

Flash messages are useful to set information to be read after a redirection, like after form submissions.

There may also be cases where you want to store a complex datatype within a session, such as a struct. Sessions are serialised using the encoding/gob package, so it is easy to register new datatypes for storage in sessions:

import(
	"encoding/gob"
	"github.com/gorilla/sessions"
)

type Person struct {
	FirstName	string
	LastName 	string
	Email		string
	Age			int
}

type M map[string]interface{}

func init() {

	gob.Register(&Person{})
	gob.Register(&M{})
}

As it's not possible to pass a raw type as a parameter to a function, gob.Register() relies on us passing it a value of the desired type. In the example above we've passed it a pointer to a struct and a pointer to a custom type representing a map[string]interface. (We could have passed non-pointer values if we wished.) This will then allow us to serialise/deserialise values of those types to and from our sessions.

Note that because session values are stored in a map[string]interface{}, there's a need to type-assert data when retrieving it. We'll use the Person struct we registered above:

func MyHandler(w http.ResponseWriter, r *http.Request) {
	session, err := store.Get(r, "session-name")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Retrieve our struct and type-assert it
	val := session.Values["person"]
	var person = &Person{}
	if person, ok := val.(*Person); !ok {
		// Handle the case that it's not an expected type
	}

	// Now we can use our person object
}

By default, session cookies last for a month. This is probably too long for some cases, but it is easy to change this and other attributes during runtime. Sessions can be configured individually or the store can be configured and then all sessions saved using it will use that configuration. We access session.Options or store.Options to set a new configuration. The fields are basically a subset of http.Cookie fields. Let's change the maximum age of a session to one week:

session.Options = &sessions.Options{
	Path:     "/",
	MaxAge:   86400 * 7,
	HttpOnly: true,
}

Sometimes we may want to change authentication and/or encryption keys without breaking existing sessions. The CookieStore supports key rotation, and to use it you just need to set multiple authentication and encryption keys, in pairs, to be tested in order:

var store = sessions.NewCookieStore(
	[]byte("new-authentication-key"),
	[]byte("new-encryption-key"),
	[]byte("old-authentication-key"),
	[]byte("old-encryption-key"),
)

New sessions will be saved using the first pair. Old sessions can still be read because the first pair will fail, and the second will be tested. This makes it easy to "rotate" secret keys and still be able to validate existing sessions. Note: for all pairs the encryption key is optional; set it to nil or omit it and and encryption won't be used.

Multiple sessions can be used in the same request, even with different session backends. When this happens, calling Save() on each session individually would be cumbersome, so we have a way to save all sessions at once: it's sessions.Save(). Here's an example:

var store = sessions.NewCookieStore([]byte("something-very-secret"))

func MyHandler(w http.ResponseWriter, r *http.Request) {
	// Get a session and set a value.
	session1, _ := store.Get(r, "session-one")
	session1.Values["foo"] = "bar"
	// Get another session and set another value.
	session2, _ := store.Get(r, "session-two")
	session2.Values[42] = 43
	// Save all sessions.
	sessions.Save(r, w)
}

This is possible because when we call Get() from a session store, it adds the session to a common registry. Save() uses it to save all registered sessions.

Index ¶

func NewCookie(name, value string, options *Options) *http.Cookie
func Save(r *http.Request, w http.ResponseWriter) error
type MockStore
type MultiError
- func (m MultiError) Error() string
type Options
type Registry
- func GetRegistry(r *http.Request) *Registry
- func (s *Registry) Get(store Store, name string) (session *Session, err error)
- func (s *Registry) Save(w http.ResponseWriter) error
type Serializer
type Session
- func NewSession(store Store, name string) *Session
type Store

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewCookie ¶

func NewCookie(name, value string, options *Options) *http.Cookie

NewCookie returns an http.Cookie with the options set. It also sets the Expires field calculated based on the MaxAge value, for Internet Explorer compatibility.

func Save ¶

func Save(r *http.Request, w http.ResponseWriter) error

Save saves all sessions used during the current request.

Types ¶

type MockStore ¶

type MockStore struct {
	mock.Mock
}

func (*MockStore) Delete ¶

func (_m *MockStore) Delete(r *http.Request, w http.ResponseWriter, session *Session) error

func (*MockStore) DeleteByID ¶

func (_m *MockStore) DeleteByID(ids ...string) error

func (*MockStore) Get ¶

func (_m *MockStore) Get(r *http.Request, name string) (*Session, error)

func (*MockStore) GetAll ¶

func (_m *MockStore) GetAll() ([]*Session, error)

func (*MockStore) New ¶

func (_m *MockStore) New(r *http.Request, name string) (*Session, error)

func (*MockStore) Options ¶

func (_m *MockStore) Options(opts *Options)

func (*MockStore) Save ¶

func (_m *MockStore) Save(r *http.Request, w http.ResponseWriter, session *Session) error

type MultiError ¶

type MultiError []error

MultiError stores multiple errors.

Borrowed from the App Engine SDK.

func (MultiError) Error ¶

func (m MultiError) Error() string

type Options ¶

type Options struct {
	Path   string
	Domain string
	// MaxAge=0 means no Max-Age attribute specified and the cookie will be
	// deleted after the browser session ends.
	// MaxAge<0 means delete cookie immediately.
	// MaxAge>0 means Max-Age attribute present and given in seconds.
	MaxAge   int
	Secure   bool
	HttpOnly bool
	// Defaults to http.SameSiteDefaultMode
	SameSite http.SameSite
}

Options stores configuration for a session or session store.

Fields are a subset of http.Cookie fields.

type Registry ¶

type Registry struct {
	// contains filtered or unexported fields
}

Registry stores sessions used during a request.

func GetRegistry ¶

func GetRegistry(r *http.Request) *Registry

GetRegistry returns a registry instance for the current request.

func (*Registry) Get ¶

func (s *Registry) Get(store Store, name string) (session *Session, err error)

Get registers and returns a session for the given name and session store.

It returns a new session if there are no sessions registered for the name.

func (*Registry) Save ¶

func (s *Registry) Save(w http.ResponseWriter) error

Save saves all sessions registered for the current request.

type Serializer ¶

type Serializer interface {
	Deserialize(d []byte, ss *Session) error
	Serialize(ss *Session) ([]byte, error)
}

type Session ¶

type Session struct {
	// The ID of the session, generated by stores. It should not be used for
	// user data.
	ID string
	// Values contains the user-data for the session.
	Values  map[interface{}]interface{}
	Options *Options
	IsNew   bool
	// contains filtered or unexported fields
}

Session stores the values and optional configuration for a session.

func NewSession ¶

func NewSession(store Store, name string) *Session

NewSession is called by session stores to create a new session instance.

func (*Session) AddFlash ¶

func (s *Session) AddFlash(value interface{}, vars ...string)

AddFlash adds a flash message to the session.

A single variadic argument is accepted, and it is optional: it defines the flash key. If not defined "_flash" is used by default.

func (*Session) Flashes ¶

func (s *Session) Flashes(vars ...string) []interface{}

Flashes returns a slice of flash messages from the session.

A single variadic argument is accepted, and it is optional: it defines the flash key. If not defined "_flash" is used by default.

func (*Session) Name ¶

func (s *Session) Name() string

Name returns the name used to register the session.

func (*Session) Save ¶

func (s *Session) Save(r *http.Request, w http.ResponseWriter) error

Save is a convenience method to save this session. It is the same as calling store.Save(request, response, session). You should call Save before writing to the response or returning from the handler.

func (*Session) Store ¶

func (s *Session) Store() Store

Store returns the session store used to register the session.

type Store ¶

type Store interface {
	// Get should return a cached session.
	Get(r *http.Request, name string) (*Session, error)

	// New should create and return a new session.
	//
	// Note that New should never return a nil session, even in the case of
	// an error if using the Registry infrastructure to cache the session.
	New(r *http.Request, name string) (*Session, error)

	// Save should persist session to the underlying store implementation.
	Save(r *http.Request, w http.ResponseWriter, s *Session) error

	GetAll() ([]*Session, error)
	DeleteByID(ids ...string) error
	Options(options *Options)
}

Store is an interface for custom session stores.

See CookieStore and FilesystemStore for examples.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cookie
gin-sessions
redis
serializer

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL