Documentation
¶
Index ¶
- Variables
- type CacheSessionBackend
- type Session
- type SessionBackend
- type SessionIDGenerator
- type SessionManager
- func (sm *SessionManager) CreateSession() (string, error)
- func (sm *SessionManager) DestroySession(sessionID string) error
- func (sm *SessionManager) GetAndRenewSession(sessionID string) (*Session, error)
- func (sm *SessionManager) GetSession(sessionID string) (*Session, error)
- func (sm *SessionManager) RotateSession(oldSessionID string) (string, error)
- func (sm *SessionManager) UpdateSession(sessionID string, key string, value interface{}) error
- func (sm *SessionManager) VerifySessionID(signedID string) error
- type SessionManagerOption
- func WithCreateHook(hook func(sessionID string)) SessionManagerOption
- func WithDestroyHook(hook func(sessionID string)) SessionManagerOption
- func WithIDGenerator(generator SessionIDGenerator) SessionManagerOption
- func WithSecretKey(secretKey string) SessionManagerOption
- func WithTTL(ttl time.Duration) SessionManagerOption
- func WithUpdateHook(hook func(sessionID string, key string)) SessionManagerOption
Constants ¶
This section is empty.
Variables ¶
Functions ¶
This section is empty.
Types ¶
type CacheSessionBackend ¶
type CacheSessionBackend struct {
// contains filtered or unexported fields
}
CacheSessionBackend implements SessionBackend using a cache backend.
func NewCacheSessionBackend ¶
func NewCacheSessionBackend(numShards, capacity int, cleanupInterval time.Duration) *CacheSessionBackend
NewCacheSessionBackend creates a new CacheSessionBackend instance.
func (*CacheSessionBackend) Delete ¶
func (s *CacheSessionBackend) Delete(sessionID string) error
func (*CacheSessionBackend) Exists ¶
func (s *CacheSessionBackend) Exists(sessionID string) bool
type Session ¶
type Session struct {
// Session ID
ID string
// Expiration time
ExpiresAt time.Time
// Data stored in the session
Data map[string]interface{}
}
Session represents a single session
type SessionBackend ¶
type SessionBackend interface {
// Save a session.
Save(session *Session, ttl time.Duration) error
// Load a session.
Load(sessionID string) (*Session, error)
// Delete a session.
Delete(sessionID string) error
// Check if a session exists.
Exists(sessionID string) bool
}
SessionBackend defines a generic interface for session storage.
type SessionIDGenerator ¶
type SessionIDGenerator func() string
SessionIDGenerator defines a function for generating session IDs.
type SessionManager ¶
type SessionManager struct {
// contains filtered or unexported fields
}
SessionManager manages sessions.
func NewSessionManager ¶
func NewSessionManager(backend SessionBackend, opts ...SessionManagerOption) *SessionManager
NewSessionManager creates a new SessionManager instance.
func (*SessionManager) CreateSession ¶
func (sm *SessionManager) CreateSession() (string, error)
CreateSession generates a new session with a signed ID.
func (*SessionManager) DestroySession ¶
func (sm *SessionManager) DestroySession(sessionID string) error
func (*SessionManager) GetAndRenewSession ¶
func (sm *SessionManager) GetAndRenewSession(sessionID string) (*Session, error)
func (*SessionManager) GetSession ¶
func (sm *SessionManager) GetSession(sessionID string) (*Session, error)
func (*SessionManager) RotateSession ¶
func (sm *SessionManager) RotateSession(oldSessionID string) (string, error)
RotateSession regenerates the session ID while keeping session data intact.
Which scenarios are suitable for using session rotation mechanism? After user authentication When the user successfully logs in, a new session ID is generated to prevent attackers from hijacking the old session ID before authentication.
Before and after sensitive operations Rotating session IDs enhances security after users perform certain sensitive operations, such as changing passwords or making payments.
Regular rotation Regularly rotate session IDs to reduce the risk of session IDs being brute force cracked or stolen.
func (*SessionManager) UpdateSession ¶
func (sm *SessionManager) UpdateSession(sessionID string, key string, value interface{}) error
func (*SessionManager) VerifySessionID ¶
func (sm *SessionManager) VerifySessionID(signedID string) error
VerifySessionID verifies the HMAC signature of a session ID.
type SessionManagerOption ¶
type SessionManagerOption func(*SessionManager)
SessionManagerOption defines a configuration option for SessionManager.
func WithCreateHook ¶
func WithCreateHook(hook func(sessionID string)) SessionManagerOption
WithCreateHook sets the on-create hook.
func WithDestroyHook ¶
func WithDestroyHook(hook func(sessionID string)) SessionManagerOption
SetOnDestroy sets the on-destroy hook.
func WithIDGenerator ¶
func WithIDGenerator(generator SessionIDGenerator) SessionManagerOption
WithIDGenerator sets a custom session ID generator.
func WithSecretKey ¶
func WithSecretKey(secretKey string) SessionManagerOption
WithSecretKey sets a custom secret key for HMAC signature.
func WithTTL ¶
func WithTTL(ttl time.Duration) SessionManagerOption
WithTTL sets a custom TTL for sessions.
func WithUpdateHook ¶
func WithUpdateHook(hook func(sessionID string, key string)) SessionManagerOption
WithUpdateHook sets the on-update hook.
Source Files