session

package
v0.1.149
Warning

This package is not in the latest version of its module.

Published: Feb 23, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package session provides session store, CSRF token handling, and session cookie options for the web application. It is used by the server package for authentication and form protection.

Constants

const SessionName = "session-name"

SessionName is the canonical cookie name used across the application.

Functions

func ClearSessionCookie

func ClearSessionCookie(store *sessions.CookieStore, w http.ResponseWriter, r *http.Request)

ClearSessionCookie removes the session cookie using the store options so path/domain/flags match and browsers drop it. Per RFC 6265, Domain is only set for domain names, not for IP addresses.
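The deletion rule described above, as an added standard-library sketch that is not this package's source: a browser only drops a cookie when the expiring Set-Cookie carries the same name, path and domain as the original, and Domain is left empty for IP hosts. The `cookieOpts` type and the helper names are hypothetical, and deriving the domain from `r.Host` is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// cookieOpts is a hypothetical stand-in for the store's cookie options.
type cookieOpts struct {
	Path             string
	Secure, HttpOnly bool
	SameSite         http.SameSite
}

// cookieDomain returns the Domain attribute value for a request host, or ""
// when the host is an IPv4/IPv6 literal (with or without port or brackets).
func cookieDomain(hostport string) string {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	}
	host = strings.Trim(host, "[]")
	if net.ParseIP(host) != nil {
		return ""
	}
	return host
}

// expiredCookie builds the deletion cookie: same name, path and flags as the
// cookie that was set, empty value, and MaxAge < 0 (serialized as Max-Age=0).
func expiredCookie(name string, o cookieOpts, r *http.Request) *http.Cookie {
	return &http.Cookie{
		Name: name, Value: "", Path: o.Path, Domain: cookieDomain(r.Host),
		MaxAge: -1, Secure: o.Secure, HttpOnly: o.HttpOnly, SameSite: o.SameSite,
	}
}

func main() {
	o := cookieOpts{Path: "/", Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode}
	// Constructed hosts: a domain name, an IPv4 literal and an IPv6 literal.
	for _, host := range []string{"app.example.test", "192.0.2.10:8443", "[2001:db8::1]:8443"} {
		r := httptest.NewRequest("POST", "/logout", nil)
		r.Host = host
		fmt.Println(expiredCookie("session-name", o, r).String())
	}
}
```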

func EnsureCsrfToken

func EnsureCsrfToken(store *sessions.CookieStore, w http.ResponseWriter, r *http.Request) string

EnsureCsrfToken ensures a CSRF token exists in the session and returns it. If none is present, it generates a new one. If the session cookie is invalid (e.g., after secret rotation), the cookie is cleared and a new session is used.

func GetSessionOptions

func GetSessionOptions(cfg *OptionsConfig) *sessions.Options

GetSessionOptions returns session cookie options from cfg. If cfg is nil, defaults are used.

func ValidateCsrfToken

func ValidateCsrfToken(store *sessions.CookieStore, r *http.Request) bool

ValidateCsrfToken checks the CSRF token in the request form against the session. Returns false if the session has no token or the form token is missing or doesn't match.
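The ensure/validate contract of EnsureCsrfToken and ValidateCsrfToken, as an added standard-library sketch that is not this package's implementation. Assumptions: a plain map stands in for the session values, the key and form field are both named `csrf_token`, the token is 32 random bytes, the comparison is constant-time, and only the POST body is read.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// sessionValues is a hypothetical stand-in for a decoded session's values.
type sessionValues map[string]string

const csrfKey = "csrf_token" // assumed session key and form field name

// ensureToken returns the session's token, minting a 256-bit one if absent.
func ensureToken(s sessionValues) (string, error) {
	if tok := s[csrfKey]; tok != "" {
		return tok, nil
	}
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	s[csrfKey] = base64.RawURLEncoding.EncodeToString(b)
	return s[csrfKey], nil
}

// validateToken fails closed; ConstantTimeCompare("", "") is 1, so check empties.
func validateToken(s sessionValues, r *http.Request) bool {
	want, got := s[csrfKey], r.PostFormValue(csrfKey)
	return want != "" && got != "" &&
		subtle.ConstantTimeCompare([]byte(want), []byte(got)) == 1
}

// postForm builds a constructed POST request carrying the given form token.
func postForm(token string) *http.Request {
	body := url.Values{csrfKey: {token}}.Encode()
	r := httptest.NewRequest("POST", "/settings", strings.NewReader(body))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

func main() {
	s := sessionValues{}
	tok, _ := ensureToken(s)
	fmt.Println(validateToken(s, postForm(tok)), validateToken(s, postForm("")))
}
```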

Types

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager implements SessionManager by wrapping a session store and providing access to session configuration. The configGetter function is called to retrieve the current OptionsConfig whenever GetOptions() is invoked.

func NewManager

func NewManager(store *sessions.CookieStore, configGetter func() *OptionsConfig) *Manager

NewManager creates a new SessionManager implementation. The configGetter function is called each time GetOptions() is invoked to get the current session configuration. This allows the manager to respond to configuration changes without requiring explicit updates.

func (*Manager) ClearSession

func (m *Manager) ClearSession(w http.ResponseWriter, r *http.Request)

ClearSession removes the session cookie. Delegates to the package-level ClearSessionCookie function.

func (*Manager) EnsureCSRFToken

func (m *Manager) EnsureCSRFToken(w http.ResponseWriter, r *http.Request) string

EnsureCSRFToken ensures a CSRF token exists in the session and returns it. Delegates to the package-level EnsureCsrfToken function.

func (*Manager) GetOptions

func (m *Manager) GetOptions() *sessions.Options

GetOptions returns the current session cookie options by calling GetSessionOptions with the configuration provided by the configGetter function.

func (*Manager) GetSession

func (m *Manager) GetSession(r *http.Request) (*sessions.Session, error)

GetSession retrieves the session from the request. If the session cookie is invalid, it clears the cookie and returns a new session.

func (*Manager) IsAuthenticated

func (m *Manager) IsAuthenticated(r *http.Request) bool

IsAuthenticated returns true if the user is authenticated.

func (*Manager) SaveSession

func (m *Manager) SaveSession(w http.ResponseWriter, r *http.Request, sess *sessions.Session) error

SaveSession saves the session to the response.

func (*Manager) SetAuthenticated

func (m *Manager) SetAuthenticated(w http.ResponseWriter, r *http.Request, authenticated bool) error

SetAuthenticated sets the authenticated status for the session.

func (*Manager) ValidateCSRFToken

func (m *Manager) ValidateCSRFToken(r *http.Request) bool

ValidateCSRFToken validates the CSRF token in the request form against the session. Delegates to the package-level ValidateCsrfToken function.

type OptionsConfig

type OptionsConfig struct {
	SessionMaxAge   int
	SessionHttpOnly bool
	SessionSecure   bool
	SessionSameSite string
}

OptionsConfig holds session cookie configuration. When nil is passed to GetSessionOptions, defaults are used with env overrides (SEPG_SESSION_HTTPONLY, SEPG_SESSION_SECURE).

type SessionManager

type SessionManager interface {
	GetOptions() *sessions.Options
	EnsureCSRFToken(w http.ResponseWriter, r *http.Request) string
	ValidateCSRFToken(r *http.Request) bool
	ClearSession(w http.ResponseWriter, r *http.Request)

	// GetSession retrieves the session from the request.
	// Returns a new session if one doesn't exist.
	GetSession(r *http.Request) (*sessions.Session, error)

	// SaveSession saves the session to the response.
	SaveSession(w http.ResponseWriter, r *http.Request, sess *sessions.Session) error

	// IsAuthenticated returns true if the user is authenticated.
	IsAuthenticated(r *http.Request) bool

	// SetAuthenticated sets the authenticated status for the session.
	SetAuthenticated(w http.ResponseWriter, r *http.Request, authenticated bool) error
}

SessionManager provides an interface for session management operations. It encapsulates session store access, CSRF token handling, and session options.

type User

type User struct {
	Username string
	Password string
}

User represents a user's authentication details, including username and hashed password.
