Documentation ¶
Index ¶
- Variables
- func GenerateToken() (string, error)
- type Manager
- func (m *Manager) AddToContext(ctx context.Context, session *Session) context.Context
- func (m *Manager) Domain(s string)
- func (m *Manager) HttpOnly(b bool)
- func (m *Manager) IdleTimeout(t time.Duration)
- func (m *Manager) Lifetime(t time.Duration)
- func (m *Manager) Load(token string) *Session
- func (m *Manager) LoadFromContext(ctx context.Context) *Session
- func (m *Manager) LoadRequest(r *http.Request) *Session
- func (m *Manager) Multi(next http.Handler) http.Handler
- func (m *Manager) Name(s string)
- func (m *Manager) Path(s string)
- func (m *Manager) Persist(b bool)
- func (m *Manager) SameSite(s string)
- func (m *Manager) Secure(b bool)
- func (m *Manager) Use(next http.Handler) http.Handler
- type Session
- func (s *Session) Clear() error
- func (s *Session) Destroy(w http.ResponseWriter) error
- func (s *Session) Exists(key string) (bool, error)
- func (s *Session) GetBool(key string) (bool, error)
- func (s *Session) GetBytes(key string) ([]byte, error)
- func (s *Session) GetFloat(key string) (float64, error)
- func (s *Session) GetInt(key string) (int, error)
- func (s *Session) GetInt64(key string) (int64, error)
- func (s *Session) GetObject(key string, dst interface{}) error
- func (s *Session) GetString(key string) (string, error)
- func (s *Session) GetTime(key string) (time.Time, error)
- func (s *Session) Keys() ([]string, error)
- func (s *Session) PopBool(key string) (bool, error)
- func (s *Session) PopBytes(key string) ([]byte, error)
- func (s *Session) PopFloat(key string) (float64, error)
- func (s *Session) PopInt(key string) (int, error)
- func (s *Session) PopInt64(key string) (int64, error)
- func (s *Session) PopObject(key string, dst interface{}) error
- func (s *Session) PopString(key string) (string, error)
- func (s *Session) PopTime(key string) (time.Time, error)
- func (s *Session) PutBool(key string, val bool) error
- func (s *Session) PutBytes(key string, val []byte) error
- func (s *Session) PutFloat(key string, val float64) error
- func (s *Session) PutInt(key string, val int) error
- func (s *Session) PutInt64(key string, val int64) error
- func (s *Session) PutObject(key string, val interface{}) error
- func (s *Session) PutString(key string, val string) error
- func (s *Session) PutTime(key string, val time.Time) error
- func (s *Session) Remove(key string) error
- func (s *Session) RenewToken() error
- func (s *Session) SetInitialToken(token string) error
- func (s *Session) Token() string
- func (s *Session) Touch(w http.ResponseWriter) error
- func (s *Session) Write() error
- func (s *Session) WriteHttp(w http.ResponseWriter) error
- type Store
Constants ¶
This section is empty.
Variables ¶
var CookieName = "session"
Deprecated: Please use the Manager.Name() method to change the name of the session cookie.
var ErrTypeAssertionFailed = errors.New("type assertion failed")
ErrTypeAssertionFailed is returned by operations on session data where the received value could not be type asserted or converted into the required type.
Functions ¶
func GenerateToken ¶ added in v1.5.0
Types ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is a session manager.
func NewCookieManager ¶
func NewManager ¶
NewManager returns a pointer to a new session manager.
func (*Manager) AddToContext ¶ added in v1.3.0
AddToContext adds session data to a given context.Context object.
func (*Manager) Domain ¶
Domain sets the 'Domain' attribute on the session cookie. By default it will be set to the domain name that the cookie was issued from.
func (*Manager) HttpOnly ¶
HttpOnly sets the 'HttpOnly' attribute on the session cookie. The default value is true.
func (*Manager) IdleTimeout ¶
IdleTimeout sets the maximum length of time a session can be inactive before it expires. For example, some applications may wish to set this so there is a timeout after 20 minutes of inactivity. The inactivity period is reset whenever the session data is changed (but not read).
By default IdleTimeout is not set and there is no inactivity timeout.
func (*Manager) Lifetime ¶
Lifetime sets the maximum length of time that a session is valid for before it expires. The lifetime is an 'absolute expiry' which is set when the session is first created and does not change.
The default value is 24 hours.
func (*Manager) LoadFromContext ¶ added in v1.3.0
LoadFromContext returns session data from a given context.Context object.
func (*Manager) LoadRequest ¶ added in v1.5.0
Load returns the session data for the current request.
func (*Manager) Name ¶ added in v1.1.0
Name sets the name of the session cookie. This name should not contain whitespace, commas, semicolons, backslashes, the equals sign or control characters as per RFC6265.
func (*Manager) Path ¶
Path sets the 'Path' attribute on the session cookie. The default value is "/". Passing the empty string "" will result in it being set to the path that the cookie was issued from.
func (*Manager) Persist ¶
Persist sets whether the session cookie should be persistent or not (i.e. whether it should be retained after a user closes their browser).
The default value is false, which means that the session cookie will be destroyed when the user closes their browser. If set to true, explicit 'Expires' and 'MaxAge' values will be added to the cookie and it will be retained by the user's browser until the given expiry time is reached.
func (*Manager) SameSite ¶ added in v1.4.0
SameSite sets the 'SameSite' attribute on the session cookie. The default value is nil; setting no SameSite attribute. Allowed values are "Lax" and "Strict". Note that "" (empty-string) causes SameSite to NOT be set -- don't confuse this with the cookie's 'SameSite' attribute (without Lax/Strict), which would default to "Strict".
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session contains data for the current session.
func (*Session) Clear ¶
Clear removes all data for the current session. The session token and lifetime are unaffected. If there is no data in the current session this operation is a no-op.
func (*Session) Destroy ¶
func (s *Session) Destroy(w http.ResponseWriter) error
Destroy deletes the current session. The session token and accompanying data are deleted from the session store, and the client is instructed to delete the session cookie.
Any further operations on the session in the same request cycle will result in a new session being created.
A new empty session will be created for any client that subsequently tries to use the destroyed session token.
func (*Session) GetBool ¶
GetBool returns the bool value for a given key from the session data. The zero value for a bool (false) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted to a bool.
func (*Session) GetBytes ¶
GetBytes returns the byte slice ([]byte) value for a given key from the session data. The zero value for a slice (nil) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to []byte.
func (*Session) GetFloat ¶
GetFloat returns the float64 value for a given key from the session data. The zero value for an float (0) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a float64.
func (*Session) GetInt ¶
GetInt returns the int value for a given key from the session data. The zero value for an int (0) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a int.
func (*Session) GetInt64 ¶
GetInt64 returns the int64 value for a given key from the session data. The zero value for an int (0) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a int64.
func (*Session) GetObject ¶
GetObject reads the data for a given session key into an arbitrary object (represented by the dst parameter). It should only be used to retrieve custom data types that have been stored using PutObject. The object represented by dst will remain unchanged if the key does not exist.
The dst parameter must be a pointer.
func (*Session) GetString ¶
GetString returns the string value for a given key from the session data. The zero value for a string ("") is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a string.
func (*Session) GetTime ¶
GetTime returns the time.Time value for a given key from the session data. The zero value for a time.Time object is returned if the key does not exist (this can be checked for with the time.IsZero method). An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a time.Time.
func (*Session) Keys ¶
Keys returns a slice of all key names present in the session data, sorted alphabetically. If the session contains no data then an empty slice will be returned.
func (*Session) PopBool ¶
PopBool removes the bool value for a given key from the session data and returns it. The zero value for a bool (false) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted to a bool.
func (*Session) PopBytes ¶
PopBytes removes the byte slice ([]byte) value for a given key from the session data and returns it. The zero value for a slice (nil) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a []byte.
func (*Session) PopFloat ¶
PopFloat removes the float64 value for a given key from the session data and returns it. The zero value for an float (0) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a float64.
func (*Session) PopInt ¶
PopInt removes the int value for a given key from the session data and returns it. The zero value for an int (0) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a int.
func (*Session) PopInt64 ¶
PopInt64 remvoes the int64 value for a given key from the session data and returns it. The zero value for an int (0) is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a int64.
func (*Session) PopObject ¶
PopObject removes the data for a given session key and reads it into a custom object (represented by the dst parameter). It should only be used to retrieve custom data types that have been stored using PutObject. The object represented by dst will remain unchanged if the key does not exist.
The dst parameter must be a pointer.
func (*Session) PopString ¶
PopString removes the string value for a given key from the session data and returns it. The zero value for a string ("") is returned if the key does not exist. An ErrTypeAssertionFailed error is returned if the value could not be type asserted to a string.
func (*Session) PopTime ¶
PopTime removes the time.Time value for a given key from the session data and returns it. The zero value for a time.Time object is returned if the key does not exist (this can be checked for with the time.IsZero method). An ErrTypeAssertionFailed error is returned if the value could not be type asserted or converted to a time.Time.
func (*Session) PutBool ¶
PutBool adds a bool value and corresponding key to the session data. Any existing value for the key will be replaced.
func (*Session) PutBytes ¶
PutBytes adds a byte slice ([]byte) value and corresponding key to the the session data. Any existing value for the key will be replaced.
func (*Session) PutFloat ¶
PutFloat adds an float64 value and corresponding key to the session data. Any existing value for the key will be replaced.
func (*Session) PutInt ¶
PutInt adds an int value and corresponding key to the session data. Any existing value for the key will be replaced.
func (*Session) PutInt64 ¶
PutInt64 adds an int64 value and corresponding key to the session data. Any existing value for the key will be replaced.
func (*Session) PutObject ¶
PutObject adds an arbitrary object and corresponding key to the the session data. Any existing value for the key will be replaced.
The val parameter must be a pointer to your object.
PutObject is typically used to store custom data types. It encodes the object into a gob and then into a base64-encoded string which is persisted by the session store. This makes PutObject (and the accompanying GetObject and PopObject functions) comparatively expensive operations.
Because gob encoding is used, the fields on custom types must be exported in order to be persisted correctly. Custom data types must also be registered with gob.Register before PutObject is called (see https://golang.org/pkg/encoding/gob/#Register).
func (*Session) PutString ¶
PutString adds a string value and corresponding key to the the session data. Any existing value for the key will be replaced.
func (*Session) PutTime ¶
PutTime adds an time.Time value and corresponding key to the session data. Any existing value for the key will be replaced.
func (*Session) Remove ¶
Remove deletes the given key and corresponding value from the session data. If the key is not present this operation is a no-op.
func (*Session) RenewToken ¶
RenewToken creates a new session token while retaining the current session data. The session lifetime is also reset.
The old session token and accompanying data are deleted from the session store.
To mitigate the risk of session fixation attacks, it's important that you call RenewToken before making any changes to privilege levels (e.g. login and logout operations). See https://www.owasp.org/index.php/Session_fixation for additional information.
func (*Session) SetInitialToken ¶ added in v1.5.0
func (*Session) Token ¶ added in v1.4.0
Token returns the token value that represents given session data. NOTE: The method returns the empty string if session hasn't yet been written to the store. If you're using the CookieStore this token will change each time the session is modified.
type Store ¶
type Store interface { // Delete should remove the session token and corresponding data from the // session store. If the token does not exist then Delete should be a no-op // and return nil (not an error). Delete(token string) (err error) // Find should return the data for a session token from the session store. // If the session token is not found or is expired, the found return value // should be false (and the err return value should be nil). Similarly, tampered // or malformed tokens should result in a found return value of false and a // nil err value. The err return value should be used for system errors only. Find(token string) (b []byte, found bool, err error) // Save should add the session token and data to the session store, with // the given expiry time. If the session token already exists, then the data // and expiry time should be overwritten. Save(token string, b []byte, expiry time.Time) (err error) }
Store is the interface for session stores.
Directories ¶
Path | Synopsis |
---|---|
stores
|
|
boltstore
Package boltstore is a boltdb based session store for the SCS session package.
|
Package boltstore is a boltdb based session store for the SCS session package. |
buntstore
Package buntstore is a buntdb based session store for the SCS session package.
|
Package buntstore is a buntdb based session store for the SCS session package. |
dynamostore
Package dynamostore is a DynamoDB-based session store for the SCS session package.
|
Package dynamostore is a DynamoDB-based session store for the SCS session package. |
memstore
Package memstore is a in-memory session store for the SCS session package.
|
Package memstore is a in-memory session store for the SCS session package. |
mysqlstore
Package mysqlstore is a MySQL-based session store for the SCS session package.
|
Package mysqlstore is a MySQL-based session store for the SCS session package. |
pgstore
Package pgstore is a PostgreSQL-based session store for the SCS session package.
|
Package pgstore is a PostgreSQL-based session store for the SCS session package. |
qlstore
Package qlstore is a ql-based session store for the SCS session package.
|
Package qlstore is a ql-based session store for the SCS session package. |
redisstore
Package redisstore is a Redis-based session store for the SCS session package.
|
Package redisstore is a Redis-based session store for the SCS session package. |