cookie

package
v0.3.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package cookie provides HTTP cookie management with optional signing and encryption.

The Manager handles plain, signed, and encrypted cookies, plus flash messages. Secrets are optional; encrypted and signed operations return ErrNoSecret without one.

Basic Usage

Plain cookies work without a secret: 

import (
	"net/http"

	"github.com/dmitrymomot/forge/pkg/cookie"
)

func handler(w http.ResponseWriter, r *http.Request) {
	m, _ := cookie.New(cookie.Config{})
	m.Set(w, "theme", "dark", 86400)
	value, err := m.Get(r, "theme")
	if err != nil {
		// handle error
	}
}

With Secret

Enable signing and encryption with a 32+ byte secret: 

m, err := cookie.New(cookie.Config{
	Secret:   "your-32+-byte-secret-key-here!!",
	Secure:   true,
	HTTPOnly: true,
})

Signed cookies detect tampering with HMAC-SHA256: 

err := m.SetSigned(w, "session", sessionID, 86400)
value, err := m.GetSigned(r, "session")

Encrypted cookies use AES-256-GCM: 

err := m.SetEncrypted(w, "prefs", userPrefs, 86400)
value, err := m.GetEncrypted(r, "prefs")

Flash Messages

Flash messages are encrypted, single-read values that auto-delete after reading. They are useful for displaying success/error messages after redirects: 

// Set a flash message
m.SetFlash(w, "msg", map[string]string{"type": "success", "text": "Saved!"})

// Read and delete in the same request
var msg map[string]string
err := m.Flash(w, r, "msg", &msg)
// Flash is now deleted (no further reads will return it)

Configuration

Use Config to configure cookie attributes:

  • Secret: Set the secret for signing/encryption (32+ bytes)
  • Domain: Set the cookie domain
  • Path: Set the cookie path (default: "/")
  • SameSite: Set the SameSite attribute as string (default: "lax")
  • Secure: Set the Secure flag (HTTPS only)
  • HTTPOnly: Set the HttpOnly flag (default: false)

Errors

The package defines these sentinel errors:

  • ErrNotFound: Cookie does not exist
  • ErrNoSecret: Secret required for signed/encrypted operations
  • ErrBadSecret: Secret must be at least 32 bytes
  • ErrBadSig: Signature verification failed (tampering detected)
  • ErrDecrypt: Decryption failed (tampering or corruption detected)

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrNotFound  = errors.New("cookie: not found")
	ErrNoSecret  = errors.New("cookie: secret required")
	ErrBadSecret = errors.New("cookie: secret must be 32+ bytes")
	ErrBadSig    = errors.New("cookie: invalid signature")
	ErrDecrypt   = errors.New("cookie: decryption failed")
)

Errors.

Functions

This section is empty.

Types

type Config 

type Config struct {
	Secret   string `env:"SECRET"`
	Domain   string `env:"DOMAIN"`
	Path     string `env:"PATH"      envDefault:"/"`
	SameSite string `env:"SAME_SITE" envDefault:"lax"`
	Secure   bool   `env:"SECURE"    envDefault:"false"`
	HTTPOnly bool   `env:"HTTP_ONLY" envDefault:"true"`
}

Config configures the cookie Manager.

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager handles cookie operations.

func New 

func New(cfg Config) (*Manager, error)

New creates a cookie Manager with the given config. Returns ErrBadSecret if Secret is non-empty but shorter than 32 bytes.

func (*Manager) Delete 

func (m *Manager) Delete(w http.ResponseWriter, name string)

Delete removes a cookie.

func (*Manager) Flash 

func (m *Manager) Flash(w http.ResponseWriter, r *http.Request, key string, dest any) error

Flash reads and deletes a flash message. Returns ErrNoSecret if no secret is configured. Returns ErrNotFound if the flash cookie doesn't exist.

func (*Manager) Get 

func (m *Manager) Get(r *http.Request, name string) (string, error)

Get returns a plain cookie value.

func (*Manager) GetEncrypted 

func (m *Manager) GetEncrypted(r *http.Request, name string) (string, error)

GetEncrypted returns an encrypted cookie value. Returns ErrNoSecret if no secret is configured. Returns ErrDecrypt if decryption fails.

func (*Manager) GetSigned 

func (m *Manager) GetSigned(r *http.Request, name string) (string, error)

GetSigned returns a signed cookie value. Returns ErrNoSecret if no secret is configured. Returns ErrBadSig if signature verification fails.

func (*Manager) Set 

func (m *Manager) Set(w http.ResponseWriter, name, value string, maxAge int)

Set sets a plain cookie.

func (*Manager) SetEncrypted 

func (m *Manager) SetEncrypted(w http.ResponseWriter, name, value string, maxAge int) error

SetEncrypted sets an encrypted cookie. Returns ErrNoSecret if no secret is configured.

func (*Manager) SetFlash 

func (m *Manager) SetFlash(w http.ResponseWriter, key string, value any) error

SetFlash sets a flash message. Returns ErrNoSecret if no secret is configured.

func (*Manager) SetSigned 

func (m *Manager) SetSigned(w http.ResponseWriter, name, value string, maxAge int) error

SetSigned sets a signed cookie. Returns ErrNoSecret if no secret is configured.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.