Documentation ¶
Overview ¶
Package cookie provides utilities for using HTTP cookies.
Index ¶
- func Delete(w http.ResponseWriter, name, domain string)
- func Get(r *http.Request, name string) (*http.Cookie, error)
- func GetEncrypted(r *http.Request, name string, secretKey string) (*http.Cookie, error)
- func Set(w http.ResponseWriter, name string, value string, domain string, ...)
- func SetAntiReplay(r *http.Request, antiReplay string) *http.Request
- func SetEncrypted(r *http.Request, w http.ResponseWriter, name string, value string, ...)
- func UseClientAntiReplay(r *http.Request) *http.Request
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Delete ¶
func Delete(w http.ResponseWriter, name, domain string)
Delete removes the named cookie.
func GetEncrypted ¶ added in v0.0.11
GetEncrypted authenticates and decrypts the named cookie, returning a copy of it with the value decrypted.
func Set ¶
func Set(w http.ResponseWriter, name string, value string, domain string, mAge time.Duration, jsAccess bool)
Set creates a cookie on the HTTP response.
If domain is an empty string, the cookie is set for the current host (excluding subdomains); otherwise it is set for the given domain and its subdomains. If mAge == 0, a session cookie is created. If mAge < 0, the cookie is deleted immediately. If jsAccess is false, the cookie will be inaccessible to JavaScript. In most cases you should set it to false (exceptions are rare, such as when setting a CSRF cookie).
func SetAntiReplay ¶ added in v0.0.83
SetAntiReplay uses antiReplay to try and mitigate against replay attacks. This mitigation is not foolproof.
func SetEncrypted ¶ added in v0.0.11
func SetEncrypted(r *http.Request, w http.ResponseWriter, name string, value string, domain string, mAge time.Duration, secretKey string)
SetEncrypted creates a cookie on the HTTP response. The cookie value (but not the name) is encrypted and authenticated using cry.Enc.
Note: While encrypted cookies can guarantee that the data has not been tampered with, that it is all there and correct, and that clients cannot read its raw value, they cannot guarantee freshness. This means that (similar to plain-text cookies) they are still susceptible to replay attacks.
Also see Set
Example ¶
```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"

	"github.com/komuw/ong/cookie"
)

type shoppingCart struct {
	ItemName string
	Price    uint8
}

func shoppingCartHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		cookieName := "cart"
		secretKey := "superSecret"
		item := shoppingCart{ItemName: "shoe", Price: 89}

		b, err := json.Marshal(item)
		if err != nil {
			panic(err)
		}

		// Store the serialized cart in an encrypted, authenticated cookie valid for two hours.
		cookie.SetEncrypted(
			r,
			w,
			cookieName,
			string(b),
			"example.com",
			2*time.Hour,
			secretKey,
		)

		fmt.Fprint(w, "thanks for shopping!")
	}
}

func main() {
	// Exercise the handler in-process and inspect the cookie it sets.
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/shop", nil)
	shoppingCartHandler().ServeHTTP(rec, req)

	res := rec.Result()
	defer res.Body.Close()

	if res.StatusCode != http.StatusOK {
		panic("unexpected")
	}

	fmt.Println(res.Cookies()[0].Name)
}
```
Output: cart
func UseClientAntiReplay ¶ added in v0.0.83
UseClientAntiReplay uses the client IP address and client TLS fingerprint to try and mitigate against replay attacks.
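The following is an added illustration, not code from the ong package, of why binding a client-specific anti-replay value to an encrypted cookie narrows replay without eliminating it. It assumes AES-256-GCM from the standard library in place of cry.Enc, with the anti-replay string passed as associated data; the helper names (`aead`, `seal`, `open`), the SHA-256 key hashing and the sample client values are all hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// aead builds AES-256-GCM from secretKey. Hashing the key is a stand-in for a real KDF.
func aead(secretKey string) cipher.AEAD {
	k := sha256.Sum256([]byte(secretKey))
	block, _ := aes.NewCipher(k[:]) // cannot fail: key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)  // cannot fail for an AES block
	return gcm
}

// seal encrypts value. antiReplay is authenticated as associated data, never stored in the cookie.
func seal(secretKey, value, antiReplay string) (string, error) {
	a := aead(secretKey)
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(a.Seal(nonce, nonce, []byte(value), []byte(antiReplay))), nil
}

// open decrypts a cookie value; it fails unless the caller presents the same antiReplay.
func open(secretKey, cookieValue, antiReplay string) (string, error) {
	a := aead(secretKey)
	raw, err := base64.RawURLEncoding.DecodeString(cookieValue)
	if err != nil || len(raw) < a.NonceSize() {
		return "", errors.New("malformed cookie value")
	}
	pt, err := a.Open(nil, raw[:a.NonceSize()], raw[a.NonceSize():], []byte(antiReplay))
	if err != nil {
		return "", errors.New("cookie failed authentication")
	}
	return string(pt), nil
}

func main() {
	// Constructed sample values: "client IP|TLS fingerprint" for two different clients.
	c, _ := seal("superSecret", `{"ItemName":"shoe","Price":89}`, "203.0.113.7|tls-fp-a")
	_, other := open("superSecret", c, "198.51.100.9|tls-fp-b") // replayed from another client: rejected
	v, same := open("superSecret", c, "203.0.113.7|tls-fp-a")   // replayed from the same client: accepted
	fmt.Println(other, "|", v, same)
}
```

The second `open` call succeeds because a replay that presents the same anti-replay value is indistinguishable from the original request, which is why the mitigation is not foolproof.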
Types ¶
This section is empty.