cookie

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 18, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package cookie implements all cookie handling for the session package

Index

Constants

View Source 
const (
	// SessionID is the key used to store the SessionID in a Secure Cookie
	SessionID cookie.Key = "sessionID"

	// SameSiteStrict is the key used to store the sameSiteStrict cookie setting
	SameSiteStrict cookie.Key = "sameSiteStrict"

	// OIDCState is the key used to store the state
	OIDCState cookie.Key = "state"

	// OIDCPkceVerifier is the key used to store the PKCE verifier
	OIDCPkceVerifier cookie.Key = "pkceVerifier"

	// ReturnURL is the key used to store the return URL
	ReturnURL cookie.Key = "returnURL"
)
View Source 
const (
	// AuthCookieName is the cookie name of the Secure Cookie
	AuthCookieName = "auth"

	// XSRFCookieName is the cookie name of the XSRF Token Cookie
	XSRFCookieName = "XSRF-TOKEN"

	// OIDCCookieName is the cookie name of the OIDC Cookie
	OIDCCookieName = "OIDC"

	// XSRFHeaderName is the header name of the XSRF Token Cookie
	XSRFHeaderName = "X-XSRF-TOKEN"

	// OIDCCookieExpiration is the default expiration for the OIDC Cookie
	OIDCCookieExpiration = 10 * time.Minute
)

Variables

View Source 
var SafeMethods = methods([]string{"GET", "HEAD", "OPTIONS", "TRACE"})

SafeMethods are Idempotent methods as defined by RFC7231 section 4.2.2.

Functions

func ValidSessionID added in v0.7.0 

func ValidSessionID(sessionID string) (ccc.UUID, bool)

ValidSessionID checks that the sessionID is a valid uuid

Types

type Client added in v0.7.0 

type Client struct {
	// contains filtered or unexported fields
}

Client implements all cookie management for session package

func NewCookieClient 

func NewCookieClient(masterKeyBase64 string, opts ...Option) (*Client, error)

NewCookieClient returns a new CookieClient

func (*Client) Cookie added in v0.7.0 

func (c *Client) Cookie() *cookie.Client

Cookie returns the underlying cookie.Client

func (*Client) CreateXSRFTokenCookie added in v0.7.0 

func (c *Client) CreateXSRFTokenCookie(w http.ResponseWriter, sessionID ccc.UUID)

CreateXSRFTokenCookie sets a new cookie

func (*Client) DeleteOidcCookie added in v0.7.0 

func (c *Client) DeleteOidcCookie(w http.ResponseWriter)

DeleteOidcCookie deletes the OIDC cookie from the response

func (*Client) HasValidXSRFToken added in v0.7.0 

func (c *Client) HasValidXSRFToken(r *http.Request) (bool, error)

HasValidXSRFToken checks if the XSRF token is valid

func (*Client) NewAuthCookie added in v0.7.0 

func (c *Client) NewAuthCookie(w http.ResponseWriter, sameSiteStrict bool, sessionID ccc.UUID) cookie.Values

NewAuthCookie writes a new Auth Cookie for given sessionID

func (*Client) ReadAuthCookie added in v0.7.0 

func (c *Client) ReadAuthCookie(r *http.Request) (params cookie.Values, found bool, err error)

ReadAuthCookie reads the Auth cookie from the request

func (*Client) ReadOidcCookie added in v0.7.0 

func (c *Client) ReadOidcCookie(r *http.Request) (params cookie.Values, found bool, err error)

ReadOidcCookie reads the OIDC cookie from the request

func (*Client) RefreshXSRFTokenCookie added in v0.7.0 

func (c *Client) RefreshXSRFTokenCookie(w http.ResponseWriter, r *http.Request, sessionID ccc.UUID) (set bool, err error)

RefreshXSRFTokenCookie updates the cookie when it is close to expiration, or sets it if it does not exist.

func (*Client) WriteAuthCookie added in v0.7.0 

func (c *Client) WriteAuthCookie(w http.ResponseWriter, sameSiteStrict bool, cval cookie.Values)

WriteAuthCookie writes the Auth cookie to the response

func (*Client) WriteOidcCookie added in v0.7.0 

func (c *Client) WriteOidcCookie(w http.ResponseWriter, cval cookie.Values)

WriteOidcCookie writes the OIDC cookie to the response

type Handler added in v0.7.0 

type Handler interface {
	NewAuthCookie(w http.ResponseWriter, sameSiteStrict bool, sessionID ccc.UUID) cookie.Values
	ReadAuthCookie(r *http.Request) (params cookie.Values, found bool, err error)
	WriteAuthCookie(w http.ResponseWriter, sameSiteStrict bool, cval cookie.Values)
	RefreshXSRFTokenCookie(w http.ResponseWriter, r *http.Request, sessionID ccc.UUID) (set bool, err error)
	CreateXSRFTokenCookie(w http.ResponseWriter, sessionID ccc.UUID)
	HasValidXSRFToken(r *http.Request) (bool, error)
	Cookie() *cookie.Client
}

Handler Interface included for testability

type Option added in v0.7.0 

type Option func(*cookieOptions)

Option defines a function signature for setting cookie client options.

func WithCookieDomain added in v0.7.0 

func WithCookieDomain(domain string) Option

WithCookieDomain sets the domain for the session cookie.

func WithCookieName added in v0.7.0 

func WithCookieName(name string) Option

WithCookieName sets the cookie name for the session cookie.

func WithXSRFCookieName added in v0.7.0 

func WithXSRFCookieName(name string) Option

WithXSRFCookieName sets the cookie name for the XSRF cookie.

func WithXSRFHeaderName added in v0.7.0 

func WithXSRFHeaderName(name string) Option

WithXSRFHeaderName sets the header name for the XSRF header.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.