session

package
v0.9.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 7, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package session wraps alexedwards/scs/v2 with a kv.Store-backed session store and the small amount of glue that turns scs payloads into our app/actor.Actor.

Why scs? Mature, well-tested session manager that handles cookie attributes, ID generation, rotation, and expiry correctly. We supply the storage backend (kv.Store, the same abstraction used by rate-limits and the key-pool) and the typed payload schema.

What's NOT in scope: authentication (password verification — see internal/identity.Verify) or authorization (see app/authz). This package only manages "is there a valid session, and what's in it."

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is the session layer. Construct via New(); attach the chi middleware via Middleware(); use Login/Logout/Actor in handlers.

func New

func New(store kv.Store, secure bool, keyPrefix string) *Manager

New constructs a Manager backed by store. Cookies use the supplied attributes; secure=true is recommended in any deployment running behind HTTPS (which is everything except local dev).

keyPrefix is prepended to every kv key the manager writes — pick a namespace like "sess:" so it doesn't collide with rate-limits or key-pool state.

func (*Manager) Login

func (m *Manager) Login(ctx context.Context, userID, username string, roles ...string) error

Login records userID/username (and any roles) into the current session, rotating the session ID to prevent session fixation. Call after credential validation.

func (*Manager) Logout

func (m *Manager) Logout(ctx context.Context) error

Logout destroys the current session.

func (*Manager) Middleware

func (m *Manager) Middleware(h http.Handler) http.Handler

Middleware wraps h with scs's LoadAndSave middleware (reads cookie, loads session from kv, persists changes on response). It also reads the session payload after load and stamps an Actor onto the request context so handlers can call actor.From(ctx) directly.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL