package module
Version: v0.0.0-...-2bce066 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 10, 2019 License: BSD-3-Clause Imports: 9 Imported by: 38



GoDoc Build Status Coverage Status Go Report Card

In-memory implementation of gorilla/sessions for use in tests and dev environments

How to install

go get


Documentation, as usual, can be found at

The interface of gorilla/sessions is described at

How to use
package main

import (


func main() {
	// Create a memory store, providing authentication and
	// encryption key for securecookie
	store := memstore.NewMemStore(

	http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
		// Get session by name.
		session, err := store.Get(r, "session1")
		if err != nil {
			log.Printf("Error retrieving session: %v", err)

		// The name should be 'foobar' if home page was visited before that and 'Guest' otherwise.
		user, ok := session.Values["username"]
		if !ok {
			user = "Guest"
		fmt.Fprintf(w, "Hello %s", user)

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// Get session by name.
		session, err := store.Get(r, "session1")
		if err != nil {
			log.Printf("Error retrieving session: %v", err)

		// Add values to the session object
		session.Values["username"] = "foobar"
		session.Values["email"] = ""

		// Save values
		err = session.Save(r, w)
		if err != nil {
			log.Fatalf("Error saving session: %v", err)

	log.Printf("listening on http://%s/", "")
	log.Fatal(http.ListenAndServe("", nil))




This section is empty.


This section is empty.


This section is empty.


type MemStore

type MemStore struct {
	Codecs  []securecookie.Codec
	Options *sessions.Options
	// contains filtered or unexported fields

MemStore is an in-memory implementation of gorilla/sessions, suitable for use in tests and development environments. Do not use in production. Values are cached in a map. The cache is protected and can be used by multiple goroutines.

func NewMemStore

func NewMemStore(keyPairs ...[]byte) *MemStore

NewMemStore returns a new MemStore.

Keys are defined in pairs to allow key rotation, but the common case is to set a single authentication key and optionally an encryption key.

The first key in a pair is used for authentication and the second for encryption. The encryption key can be set to nil or omitted in the last pair, but the authentication key is required in all pairs.

It is recommended to use an authentication key with 32 or 64 bytes. The encryption key, if set, must be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256 modes.

Use the convenience function securecookie.GenerateRandomKey() to create strong keys.

func (*MemStore) Get

func (m *MemStore) Get(r *http.Request, name string) (*sessions.Session, error)

Get returns a session for the given name after adding it to the registry.

It returns a new session if the sessions doesn't exist. Access IsNew on the session to check if it is an existing session or a new one.

It returns a new session and an error if the session exists but could not be decoded.

func (*MemStore) MaxAge

func (m *MemStore) MaxAge(age int)

MaxAge sets the maximum age for the store and the underlying cookie implementation. Individual sessions can be deleted by setting Options.MaxAge = -1 for that session.

func (*MemStore) New

func (m *MemStore) New(r *http.Request, name string) (*sessions.Session, error)

New returns a session for the given name without adding it to the registry.

The difference between New() and Get() is that calling New() twice will decode the session data twice, while Get() registers and reuses the same decoded session after the first call.

func (*MemStore) Save

Save adds a single session to the response. Set Options.MaxAge to -1 or call MaxAge(-1) before saving the session to delete all values in it.


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL