Documentation
¶
Overview ¶
Package cookie provides secure cookie management utilities for web applications, with specialized support for authentication tokens and session management.
This package offers:
- Secure cookie creation and retrieval
- Built-in support for access/refresh tokens
- Automatic cookie attributes (HttpOnly, Secure, SameSite)
- Domain and path configuration
- Cookie deletion helpers
Predefined Cookie Names ¶
The package defines standard cookie names for common use cases:
- AccessTokenName: "access_token" - JWT access token
- RefreshTokenName: "refresh_token" - JWT refresh token
- RegisterTokenName: "register_token" - Registration verification
- DefaultName: "token" - General purpose token
Creating Cookies ¶
// Set an access token cookie cookie.Set(w, cookie.AccessTokenName, "jwt-token-here", 3600) // Set a custom cookie cookie.Set(w, "session_id", sessionID, 86400)
Retrieving Cookies ¶
// Get access token from request
token, err := cookie.Get(r, cookie.AccessTokenName)
if err != nil {
// Cookie not found or invalid
}
Deleting Cookies ¶
// Remove access token cookie.Delete(w, cookie.AccessTokenName) // Remove custom cookie cookie.Delete(w, "session_id")
Security Features ¶
All cookies created by this package automatically include:
- HttpOnly: true (prevents JavaScript access)
- Secure: true in production (HTTPS only)
- SameSite: Lax (CSRF protection)
- Path: / (accessible across entire site)
Cookie values are automatically encoded and decoded for safe transmission.
Index ¶
- Constants
- func Clear(w http.ResponseWriter)
- func ClearAll(w http.ResponseWriter)
- func ClearCSRFToken(w http.ResponseWriter)
- func ClearCookie(w http.ResponseWriter, name string, domain ...string)
- func ClearRegister(w http.ResponseWriter)
- func ClearSessionID(w http.ResponseWriter)
- func Get(r *http.Request, key string) (string, error)
- func GetCSRFToken(r *http.Request) (string, error)
- func GetRegister(r *http.Request, key string) (string, error)
- func GetSessionID(r *http.Request) (string, error)
- func GetTokenFromResult(result *map[string]any, key string) (string, error)
- func Set(w http.ResponseWriter, accessToken, refreshToken, domain string)
- func SetAccessToken(w http.ResponseWriter, accessToken, domain string)
- func SetCSRFToken(w http.ResponseWriter, csrfToken string, domain ...string) error
- func SetRefreshToken(w http.ResponseWriter, refreshToken string, domain ...string)
- func SetRegister(w http.ResponseWriter, registerToken, domain string)
- func SetRegisterTokenFromResult(w http.ResponseWriter, r *http.Request, result *map[string]any, ...) error
- func SetSecureCookie(w http.ResponseWriter, name, value string, maxAge int, domain ...string)
- func SetSessionFromResult(w http.ResponseWriter, r *http.Request, result *map[string]any, ...) error
- func SetSessionID(w http.ResponseWriter, sessionID string, domain ...string) error
- func SetTokensFromResult(w http.ResponseWriter, r *http.Request, result *map[string]any, ...) error
Constants ¶
const ( AccessTokenName = "access_token" RefreshTokenName = "refresh_token" RegisterTokenName = "register_token" SessionIDName = "session_id" CSRFTokenName = "csrf_token" )
Cookie names
const ( AccessTokenMaxAge = 60 * 60 * 24 // 24 hours RefreshTokenMaxAge = 60 * 60 * 24 * 30 // 30 days RegisterTokenMaxAge = 60 * 60 // 1 hour SessionMaxAge = 60 * 60 * 24 // 24 hours CSRFTokenMaxAge = 60 * 60 * 24 // 24 hours )
Cookie max ages (in seconds)
Variables ¶
This section is empty.
Functions ¶
func ClearCSRFToken ¶
func ClearCSRFToken(w http.ResponseWriter)
ClearCSRFToken clears CSRF token cookie
func ClearCookie ¶
func ClearCookie(w http.ResponseWriter, name string, domain ...string)
ClearCookie clears a specific cookie
func ClearRegister ¶
func ClearRegister(w http.ResponseWriter)
ClearRegister clears registration cookie
func ClearSessionID ¶
func ClearSessionID(w http.ResponseWriter)
ClearSessionID clears session ID cookie
func GetCSRFToken ¶
GetCSRFToken gets CSRF token from cookie
func GetRegister ¶
GetRegister gets registration cookie
func GetSessionID ¶
GetSessionID gets session ID from cookie
func GetTokenFromResult ¶
GetTokenFromResult retrieves a token from the result map
func Set ¶
func Set(w http.ResponseWriter, accessToken, refreshToken, domain string)
Set sets cookies
func SetAccessToken ¶
func SetAccessToken(w http.ResponseWriter, accessToken, domain string)
SetAccessToken sets access token cookie
func SetCSRFToken ¶
func SetCSRFToken(w http.ResponseWriter, csrfToken string, domain ...string) error
SetCSRFToken sets CSRF token cookie
func SetRefreshToken ¶
func SetRefreshToken(w http.ResponseWriter, refreshToken string, domain ...string)
SetRefreshToken sets refresh token cookie
func SetRegister ¶
func SetRegister(w http.ResponseWriter, registerToken, domain string)
SetRegister sets registration token cookie
func SetRegisterTokenFromResult ¶
func SetRegisterTokenFromResult(w http.ResponseWriter, r *http.Request, result *map[string]any, domain ...string) error
SetRegisterTokenFromResult sets registration token from result map
func SetSecureCookie ¶
func SetSecureCookie(w http.ResponseWriter, name, value string, maxAge int, domain ...string)
SetSecureCookie sets a secure cookie with common security settings
func SetSessionFromResult ¶
func SetSessionFromResult(w http.ResponseWriter, r *http.Request, result *map[string]any, domain ...string) error
SetSessionFromResult sets session ID cookie from result map
func SetSessionID ¶
func SetSessionID(w http.ResponseWriter, sessionID string, domain ...string) error
SetSessionID sets session ID cookie for web authentication
func SetTokensFromResult ¶
func SetTokensFromResult(w http.ResponseWriter, r *http.Request, result *map[string]any, domain ...string) error
SetTokensFromResult sets access and refresh tokens from result map
Types ¶
This section is empty.
Source Files