Documentation
¶
Overview ¶
Package session wraps alexedwards/scs/v2 with a kv.Store-backed session store and the small amount of glue that turns scs payloads into our app/actor.Actor.
Why scs? Mature, well-tested session manager that handles cookie attributes, ID generation, rotation, and expiry correctly. We supply the storage backend (kv.Store, the same abstraction used by rate-limits and the key-pool) and the typed payload schema.
What's NOT in scope: authentication (password verification — see internal/identity.Verify) or authorization (see app/authz). This package only manages "is there a valid session, and what's in it."
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is the session layer. Construct via New(); attach the chi middleware via Middleware(); use Login/Logout/Actor in handlers.
func New ¶
New constructs a Manager backed by store. Cookies use the supplied attributes; secure=true is recommended in any deployment running behind HTTPS (which is everything except local dev).
keyPrefix is prepended to every kv key the manager writes — pick a namespace like "sess:" so it doesn't collide with rate-limits or key-pool state.
func (*Manager) Login ¶
Login records userID/username (and any roles) into the current session, rotating the session ID to prevent session fixation. Call after credential validation.
func (*Manager) Middleware ¶
Middleware wraps h with scs's LoadAndSave middleware (reads cookie, loads session from kv, persists changes on response). It also reads the session payload after load and stamps an Actor onto the request context so handlers can call actor.From(ctx) directly.