session

Documentation

Overview

Package session uses a database backend to manage session cookies for a server. A seshandler can manage persistent and session only cookies simultaneously.

Once a database connection is established, one can create a seshandler with something like:

sh, err := seshandler.NewSesHandlerWithDB(db, time.Minute * 20, time.Day)

One can create a new (persistent) session with:

session, err := sh.CreateSession("username", true)

The session structs themselves should not be acted upon independently. Instead the sessions should be passed to the handler:

err = sh.DestroySession(session)

This will "destroy" the session struct itself and in the database. Once the struct is destroyed, it can be passed to the handler which will detected its destroyed-ness. For security reasons, a destroyed session cannot be un-destoyed.

A selectorID and a sessionID is generated for each session. The selectorID and a hash of the sessionID is stored in the database. The selectorID and sessionID are sent with the response. This is an idea taken from https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2

This package is best used with an authentication handler.

Index

• type Handler
  • func NewHandlerWithDB(db *sql.DB, tableName, cookieName string, sessionTimeout time.Duration, ...) (*Handler, error)
  • func (sh *Handler) AttachCookie(w http.ResponseWriter, ses *sessions.Session) error
  • func (sh *Handler) CopySession(ses *sessions.Session, persistent bool) *sessions.Session
  • func (sh *Handler) CreateSession(username string, persistent bool) (*sessions.Session, error)
  • func (sh *Handler) DestroySession(ses *sessions.Session) error
  • func (sh *Handler) GetTableName() string
  • func (sh *Handler) LogUserIn(ses *sessions.Session, username string) error
  • func (sh *Handler) LogUserOut(ses *sessions.Session) error
  • func (sh *Handler) ParseSessionCookie(cookie *http.Cookie) (*sessions.Session, error)
  • func (sh *Handler) ParseSessionFromRequest(r *http.Request) (*sessions.Session, error)
  • func (sh *Handler) ReadFlashes(ses *sessions.Session) ([]interface{}, []interface{})
  • func (sh *Handler) UpdateSessionIfValid(ses *sessions.Session) error

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler creates and maintains session in a database.

func NewHandlerWithDB

func NewHandlerWithDB(db *sql.DB, tableName, cookieName string, sessionTimeout time.Duration, persistentSessionTimeout time.Duration, secret []byte) (*Handler, error)

NewHandlerWithDB creates a new session handler. The database connection should be a pointer to the database connection used in the rest of the app for concurrency purposes. If either timeout <= 0, then it is set to 0 (session only cookies).

func (*Handler) AttachCookie

func (sh *Handler) AttachCookie(w http.ResponseWriter, ses *sessions.Session) error

AttachCookie sets a cookie on a ResponseWriter A session is returned because the session may have changed when it is updated

func (*Handler) CopySession

func (sh *Handler) CopySession(ses *sessions.Session, persistent bool) *sessions.Session

CopySession returns a new session with the values of the parameter session (accept selector and session IDs)

func (*Handler) CreateSession

func (sh *Handler) CreateSession(username string, persistent bool) (*sessions.Session, error)

CreateSession generates a new session for the given user ID.

func (*Handler) DestroySession

func (sh *Handler) DestroySession(ses *sessions.Session) error

DestroySession gets rid of a session, if it exists in the database. If destroy is successful, the session pointer is set to nil.

func (*Handler) GetTableName

func (sh *Handler) GetTableName() string

GetTableName returns the table name for this handler.

func (*Handler) LogUserIn

func (sh *Handler) LogUserIn(ses *sessions.Session, username string) error

LogUserIn logs the user into the session and saves the information to the database

func (*Handler) LogUserOut

func (sh *Handler) LogUserOut(ses *sessions.Session) error

LogUserOut logs the user out of the session and saves the information in the database

func (*Handler) ParseSessionCookie

func (sh *Handler) ParseSessionCookie(cookie *http.Cookie) (*sessions.Session, error)

ParseSessionCookie takes a cookie, determines if it is a valid session cookie, and returns the session, if it exists.

func (*Handler) ParseSessionFromRequest

func (sh *Handler) ParseSessionFromRequest(r *http.Request) (*sessions.Session, error)

ParseSessionFromRequest takes a request, determines if there is a valid session cookie, and returns the session, if it exists.

func (*Handler) ReadFlashes

func (sh *Handler) ReadFlashes(ses *sessions.Session) ([]interface{}, []interface{})

ReadFlashes allows reading of the flashes from the session and then updates the database. This is a shorthand for reading flashes from the session and then calling UpdateSession.

func (*Handler) UpdateSessionIfValid

func (sh *Handler) UpdateSessionIfValid(ses *sessions.Session) error

UpdateSessionIfValid resets the expiration of the session from time.Now. Should also be used to verify that a session is valid. If the session is invalid, then a non-nil error will be returned.