README
¶
Sessions
This package is a wrapper of gorilla/sessions to fix the potential memory leaking problem.
The method is, save the original request pointer and doing all later session operations by this original request pointer. So even application uses WithContext between session calls, the data saved in gorilla/context won't be lost anymore.
Usage
First, setup Config with WithSession middleware to your application like this:
func Handler(logger log.Logger, mux *http.ServeMux) http.Handler {
sessionConf := &sessions.CookieStoreConfig{
Name: "session name",
Key: "session key",
Secure: true,
MaxAge: 0,
}
middleware := server.Compose(
sessions.WithSession(sessionConf),
)
return middleware(mux)
}
Then, You can fetch session from current request's context. The wrapper provides 3 functions, Get, Put, Del.
Here's an example:
sessions.Put(c.Request.Context(), "uid", 123)
key, err := sessions.Get(c.Request.Context(), "uid")
// => 123, nil
session.Del(c.Request.Context(), "uid")
key, err := session.Get(c.Request.Context(), "uid")
// => "", "Cannot find value for: 'uid'"
The reason of the memory leak problem
The leak is in the gorilla/context, it uses *http.Request as the key for its internal map, but between Get and Clear (via context.ClearHandler) the pointer is changed.
func (r *Request) WithContext(ctx context.Context) *Request {
if ctx == nil {
panic("nil context")
}
r2 := new(Request) // original r is replaced by r2, but in the gorilla/context, it still using the r as key
*r2 = *r
r2.ctx = ctx
return r2
}
It is actually a reported issue: https://github.com/gorilla/context/issues/32 that Gorilla contexts play badly with http.Request.WithContext.
General cookie store using gorilla/sessions.CookieStore
The sessions.CookieStoreConfig is compatible with jinzhu/configor with HttpOnly and Secure enabled by default.
It's easy to sessions.NewCookieStore to new a gorilla/sessions.CookieStore using sessions.CookieStoreConfig.
config := sessions.CookieStoreConfig{}
if err := configor.Load(&config); err != nil {
panic(err)
}
cookieStore := sessions.NewCookieStore(config)
// using cookieStore bla bla bla...
Documentation
¶
Index ¶
- func Del(ctx context.Context, key string) error
- func Get(ctx context.Context, key string) (string, error)
- func NewCookieStore(config CookieStoreConfig) *sessions.CookieStore
- func Put(ctx context.Context, key, value string) error
- func WithSession(conf *CookieStoreConfig) func(http.Handler) http.Handler
- type CookieStoreConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCookieStore ¶
func NewCookieStore(config CookieStoreConfig) *sessions.CookieStore
NewCookieStore initializes a `gorilla/sessions.CookieStore` by `CookieStoreConfig`.
The `gorilla/sessions.CookieStore`: https://github.com/gorilla/sessions/blob/7910f5bb5ac86ab08f97d8bda39b476fc117b684/store.go#L66-L70
func WithSession ¶
func WithSession(conf *CookieStoreConfig) func(http.Handler) http.Handler
WithSession is middleware to generate a session store for the whole request lifetime. later session operations should call `Get`/`Put`/`Del` to work with the session
Types ¶
type CookieStoreConfig ¶
type CookieStoreConfig struct {
Name string `required:"true"`
Key string `required:"true"`
Domain string
Path string `default:"/"`
MaxAge int `default:"2592000"` // 2592000 = 30 * 24 * 60 * 60
NoHTTPOnly bool
NoSecure bool
}
CookieStoreConfig is a general cookie storage configuration. It extends the `gorilla/sessions.Options` and compatible to work with `jinzhu/configor.Load` to be convenient to: * Set the least required fields * Enable the *Secure* and *HttpOnly* by default * Set default value for `Path` and `MaxAge`
The `gorilla/sessions.Options`: https://github.com/gorilla/sessions/blob/7910f5bb5ac86ab08f97d8bda39b476fc117b684/sessions.go#L19-L34
Source Files