session

package module
v0.0.0-...-9b82291 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 4, 2014 License: MIT Imports: 10 Imported by: 0

README

GO Encrypted Token Session GoDoc

goETS is an implementation of the Encrypted Token Paturn Session written for Negroni middleware.

Usage

Options
- MaxAge   - is the max length of time in seconds that a session token is valid
- CryptKey - is the secret 256 bit AES key

Examples

General Example
    // Setting up the session options
	var sOpt = new(session.Options)
	
	// Set the max age of the session in seconds
	sOpt.MaxAge = 30 * 60 // 30min * 60 sec/min
	
	// This is only a test key, the key needs to be secret.
	sOpt.CryptKey = []byte("n+D+LpWrHpjzhe4HyPdALAbwrB4vk1WV")

	n := negroni.Classic()

	// Using the session middleware in Negroni
	n.Use(session.NewSession(sOpt))
Setting Session
	context.Set(req, session.CONTEXT_KEY, "1")
Clearing Session
	context.Set(req, session.CONTEXT_KEY, "")
Retrieving session
	sesStr := context.Get(req, session.CONTEXT_KEY).(string)

Documentation

Overview

goETS is a session management middleware that does not require a database call to check the session and implements the Encrypted Token Pattern helping prevent CSRF. More information about the Encypted Token Pattern can be found at: (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Encrypted_Token_Pattern).

Index

Examples

Constants

View Source 
const CONTEXT_KEY string = "session_id"
View Source 
const KeySize = 32

KeySize is size of AES-256-GCM keys in bytes.

Variables

This section is empty.

Functions

This section is empty.

Types

type Options 

type Options struct {
	MaxAge   int64
	CryptKey []byte
}

type Session 

type Session struct {
	// contains filtered or unexported fields
}
Example (NegroniMiddleware)

Demonstrates the general usage of this package with negroni 

// Setting up the session options
var sOpt = new(session.Options)
// Set the max age of the session in seconds
sOpt.MaxAge = 30 * 60 // 30min * 60 sec/min
// This is only a test key, the key needs to be secret.
sOpt.CryptKey = []byte("n+D+LpWrHpjzhe4HyPdALAbwrB4vk1WV")

n := negroni.Classic()

// Using the session middleware in Negroni
n.Use(session.NewSession(sOpt))

mux := http.NewServeMux()

mux.HandleFunc("/setSession", func(w http.ResponseWriter, req *http.Request) {
	// Setting the session on an individual request, if you do not modify the
	// session it will retain its settings for the request
	context.Set(req, session.CONTEXT_KEY, "1")
})

mux.HandleFunc("/getSession", func(w http.ResponseWriter, req *http.Request) {
	// Retrieving the session unique identifier
	_ = context.Get(req, session.CONTEXT_KEY).(string)

})

func NewSession 

func NewSession(opt *Options) *Session

NewSession is used in the creation of the Negroni middleware

func (*Session) ServeHTTP 

func (s *Session) ServeHTTP(w http.ResponseWriter, req *http.Request, next http.HandlerFunc)

ServeHTTP is a http server handeler for the middleware which handles the session data and stores the session id in the context.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.