Documentation
¶
Overview ¶
Package sess provides an implementation of http sessions that is backed by tamper-proof & encrypted cookies. This package should ideally be used together with the ong github.com/komuw/ong/middleware middlewares.
Index ¶
- Constants
- func Get(r *http.Request, key string) string
- func GetM(r *http.Request) map[string]string
- func Initialise(r *http.Request, secretKey, antiReplay string) *http.Request
- func Save(r *http.Request, w http.ResponseWriter, domain string, mAge time.Duration, ...)
- func Set(r *http.Request, key, value string)
- func SetM(r *http.Request, m M)
- type M
Examples ¶
Constants ¶
const (
// CookieName is the name of the http cookie under which sessions are stored.
CookieName = "ong_sess"
)
Variables ¶
This section is empty.
Functions ¶
func Get ¶
Get retrieves the value corresponding to the given key from the current http session. It returns an empty string if key is not found in the session. r ought to be a request that was created by Initialise
func GetM ¶
GetM retrieves all the key-value pairs found from the current http session. It returns a zero-length map if none is found. r ought to be a request that was created by Initialise
func Initialise ¶
Initialise returns a new http.Request (based on r) that has sessions properly setup. If antiReplay is a non-empty string, it is used to try and mitigate against [replay attacks]. This mitigation not foolproof.
You do not need to call this function, if you are also using the [ong middleware]. Those middleware do so automatically for you.
[replay attacks]: https://en.wikipedia.org/wiki/Replay_attack [ong middleware]: github.com/komuw/ong/middleware
func Save ¶
func Save( r *http.Request, w http.ResponseWriter, domain string, mAge time.Duration, secretKey string, )
Save writes(to http cookies) any key-value pairs that have already been added to the current http session.
You do not need to call this function, if you are also using the ong github.com/komuw/ong/middleware middleware. Those middleware do so automatically for you.
func Set ¶
Set adds the key-value pair to the current http session. r ought to be a request that was created by Initialise
func SetM ¶
SetM adds multiple key-value pairs to the current http session. r ought to be a request that was created by Initialise
Example ¶
package main
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"os"
"github.com/komuw/ong/config"
"github.com/komuw/ong/log"
"github.com/komuw/ong/middleware"
"github.com/komuw/ong/sess"
)
func loginHandler() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
mySession := map[string]string{
"name": "John Doe",
"favorite_color": "red",
"height": "5 feet 6 inches",
}
sess.SetM(r, mySession)
fmt.Fprint(w, "welcome again.")
}
}
func main() {
l := log.New(context.Background(), os.Stdout, 100)
rec := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodGet, "/login", nil)
handler := middleware.Get(
loginHandler(),
config.WithOpts("example.com", 443, "super-h@rd-Pas1word", config.DirectIpStrategy, l),
)
handler.ServeHTTP(rec, req)
res := rec.Result()
defer res.Body.Close()
if res.StatusCode != http.StatusOK {
panic("unexcpected")
}
fmt.Println(res.Cookies()[0])
}
Source Files