cookie

package

v0.0.57-rc.30 Latest Latest Go to latest Published: Jul 1, 2023 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/komuw/ong

Documentation ¶

Overview ¶

Package cookie provides utilities for using HTTP cookies.

Index ¶

func Delete(w http.ResponseWriter, name, domain string)
func Get(r *http.Request, name string) (*http.Cookie, error)
func GetEncrypted(r *http.Request, name string, secretKey string) (*http.Cookie, error)
func Set(w http.ResponseWriter, name string, value string, domain string, ...)
func SetEncrypted(r *http.Request, w http.ResponseWriter, name string, value string, ...)

Examples ¶

SetEncrypted

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Delete ¶

func Delete(w http.ResponseWriter, name, domain string)

Delete removes the named cookie.

func Get ¶ added in v0.0.27

func Get(r *http.Request, name string) (*http.Cookie, error)

Get returns a copy of the named cookie.

func GetEncrypted ¶ added in v0.0.11

func GetEncrypted(
	r *http.Request,
	name string,
	secretKey string,
) (*http.Cookie, error)

GetEncrypted authenticates, un-encrypts and returns a copy of the named cookie with the value decrypted.

func Set ¶

func Set(
	w http.ResponseWriter,
	name string,
	value string,
	domain string,
	mAge time.Duration,
	jsAccess bool,
)

Set creates a cookie on the HTTP response.

If domain is an empty string, the cookie is set for the current host(excluding subdomains) else it is set for the given domain and its subdomains. If mAge == 0, a session cookie is created. If mAge < 0, it means delete the cookie now. If jsAccess is false, the cookie will be in-accesible to Javascript. In most cases you should set it to false(exceptions are rare, like when setting a csrf cookie)

func SetEncrypted ¶ added in v0.0.11

func SetEncrypted(
	r *http.Request,
	w http.ResponseWriter,
	name string,
	value string,
	domain string,
	mAge time.Duration,
	secretKey string,
)

SetEncrypted creates a cookie on the HTTP response. The cookie value(but not the name) is encrypted and authenticated using cry.Enc.

Note: While encrypted cookies can guarantee that the data has not been tampered with, that it is all there and correct, and that the clients cannot read its raw value; they cannot guarantee freshness. This means that (similar to plain-text cookies), they are still susceptible to replay attacks

Also see Set

Example ¶

package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"

	"github.com/komuw/ong/cookie"
)

type shoppingCart struct {
	ItemName string
	Price    uint8
}

func shoppingCartHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		cookieName := "cart"
		secretKey := "superSecret"
		item := shoppingCart{ItemName: "shoe", Price: 89}

		b, err := json.Marshal(item)
		if err != nil {
			panic(err)
		}

		cookie.SetEncrypted(
			r,
			w,
			cookieName,
			string(b),
			"example.com",
			2*time.Hour,
			secretKey,
		)

		fmt.Fprint(w, "thanks for shopping!")
	}
}

func main() {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/shop", nil)
	shoppingCartHandler().ServeHTTP(rec, req)

	res := rec.Result()
	defer res.Body.Close()

	if res.StatusCode != http.StatusOK {
		panic("unexcpected")
	}

	fmt.Println(res.Cookies()[0].Name)

}

Output:

cart

Types ¶

This section is empty.

Source Files ¶

View all Source files

cookie.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL