Angular>> sessions>> 返回
项目作者: golangcollege

项目描述 :
Session management for Go 1.11+
高级语言: Go
项目地址: git://github.com/golangcollege/sessions.git
创建时间: 2018-10-21T14:32:57Z
项目社区:https://github.com/golangcollege/sessions
开源协议:MIT License
下载


Sessions GoDoc Go Report Card Build Status License

A minimalist and lightweight HTTP session cookie implementation for Go 1.11+. Session cookies are encrypted and authenticated using nacl/secretbox.

Example Usage

  1. package main
  3. import (
  4.     "net/http"
  5.     "time"
  7.     "github.com/golangcollege/sessions"
  8. )
  10. var session *sessions.Session
  11. var secret = []byte("u46IpCV9y5Vlur8YvODJEhgOY8m9JVE4")
  13. func main() {
  14.     // Initialize and configure new session instance, passing in a 32 byte
  15.     // long secret key (which is used to encrypt and authenticate the
  16.     // session data).
  17.     session = sessions.New(secret)
  18.     session.Lifetime = 3 * time.Hour
  20.     mux := http.NewServeMux()
  21.     mux.HandleFunc("/put", putHandler)
  22.     mux.HandleFunc("/get", getHandler)
  24.     // Wrap your handlers with the session middleware.
  25.     http.ListenAndServe(":4000", session.Enable(mux))
  26. }
  28. func putHandler(w http.ResponseWriter, r *http.Request) {
  29.     // Use the Put() method to store a new key and associated value in the
  30.     // session data.
  31.     session.Put(r, "msg", "Hello world")
  32.     w.WriteHeader(200)
  33. }
  35. func getHandler(w http.ResponseWriter, r *http.Request) {
  36.     // Use the GetString() method helper to retrieve the value associated with
  37.     // a key and convert it to a string. The empty string is returned if the
  38.     // key does not exist in the session data.
  39.     msg := session.GetString(r, "msg")
  40.     w.Write([]byte(msg))
  41. }

Configuring sessions

When setting up a session instance you can specify a mixture of options, or none at all if you’re happy with the defaults.

  1. session = sessions.New([]byte("u46IpCV9y5Vlur8YvODJEhgOY8m9JVE4"))
  3. // Domain sets the 'Domain' attribute on the session cookie. By default
  4. // it will be set to the domain name that the cookie was issued from.
  5. session.Domain = "example.org"
  7. // HttpOnly sets the 'HttpOnly' attribute on the session cookie. The
  8. // default value is true.
  9. session.HttpOnly = false
  11. // Lifetime sets the maximum length of time that a session is valid for
  12. // before it expires. The lifetime is an 'absolute expiry' which is set when
  13. // the session is first created and does not change. The default value is 24
  14. // hours.
  15. session.Lifetime = 10*time.Minute
  17. // Path sets the 'Path' attribute on the session cookie. The default value
  18. // is "/". Passing the empty string "" will result in it being set to the
  19. // path that the cookie was issued from.
  20. session.Path = "/account"
  22. // Persist sets whether the session cookie should be persistent or not
  23. // (i.e. whether it should be retained after a user closes their browser).
  24. // The default value is true, which means that the session cookie will not
  25. // be destroyed when the user closes their browser and the appropriate
  26. // 'Expires' and 'MaxAge' values will be added to the session cookie.
  27. session.Persist = false
  29. // Secure sets the 'Secure' attribute on the session cookie. The default
  30. // value is false. It's recommended that you set this to true and serve all
  31. // requests over HTTPS in production environments.
  32. session.Secure = true
  34. // SameSite controls the value of the 'SameSite' attribute on the session
  35. // cookie. By default this is set to 'SameSite=Lax'. If you want no SameSite
  36. // attribute or value in the session cookie then you should set this to 0.
  37. session.SameSite = http.SameSiteStrictMode
  39. // ErrorHandler allows you to control behaviour when an error is encountered
  40. // loading or writing the session cookie. By default the client is sent a
  41. // generic "500 Internal Server Error" response and the actual error message
  42. // is logged using the standard logger. If a custom ErrorHandler function is
  43. // provided then control will be passed to this instead.
  44. session.ErrorHandler  = func(http.ResponseWriter, *http.Request, error) {
  45.     log.Println(err.Error())
  46.     http.Error(w, "Sorry, the application encountered an error", 500)
  47. }

Key rotation

Secret key rotation is supported. An arbitrary number of old secret keys can be provided when initializing a new session instance, like so:

  1. secretKey := []byte("Nrqe6etTZ68GymwxsgpjqwecHqyKLQrr")
  2. oldSecretKey := []byte("TSV2GUduLGYwMkVcssFrHwCHXLhfBH5e")
  3. veryOldSecretKey := []byte("mtuKkskgHwfJzzP56apvNWzrbqfKHvTB")
  5. session = sessions.New(secretKey, oldSecretKey, veryOldSecretKey)
  6. session.Lifetime = 3 * time.Hour

When a session cookie is received from a client, all secret keys are looped through to try to decode the session data. When sending the session cookie to a client the first secret key is used to encrypt the session data.

Managing session data

Adding data

  • Put() — Add a key and corresponding value to the session data.

Important: Because session data is encrypted, signed and stored in a cookie, and cookies are limited to 4096 characters in length, storing large amounts of data may result in a ErrCookieTooLong error.

Fetching data

  • Get() — Fetch the value for a given key from the session data. The returned type is interface{} so will usually need to be type asserted before use.
  • GetBool() — Fetch a bool value for a given key from the session data.
  • GetBytes() — Fetch a byte slice ([]byte) value for a given key from the session data.
  • GetFloat() — Fetch a float64 value for a given key from the session data.
  • GetInt() — Fetch a int value for a given key from the session data.
  • GetString() — Fetch a string value for a given key from the session data.

  • GetTime() — Fetch a time.Time value for a given key from the session data.

  • Pop() — Fetch the value for a given key and then delete it from the session data. The returned type is interface{} so will usually need to be type asserted before use.

  • PopBool() — Fetch a bool value for a given key and then delete it from the session data.
  • PopBytes() — Fetch a byte slice ([]byte) value for a given key and then delete it from the session data.
  • PopFloat() — Fetch a float64 value for a given key and then delete it from the session data.
  • PopInt() — Fetch a int value for a given key and then delete it from the session data.
  • PopString() — Fetch a string value for a given key and then delete it from the session data.
  • PopTime() — Fetch a time.Time value for a given key and then delete it from the session data.

Deleting data

  • Remove() — Deletes a specific key and value from the session data.
  • Destroy() — Destroy the current session. The session data is deleted from memory and the client is instructed to delete the session cookie.

Other

  • Exists() — Returns true if a given key exists in the session data.
  • Keys() — Returns a slice of all keys in the session data.

Custom data types

Behind the scenes SCS uses gob encoding to store custom data types. For this to work properly:

  • Your custom type must first be registered with the encoding/gob package.
  • The fields of your custom types must be exported.

For example:

  1. package main
  3. import (
  4.     "encoding/gob"
  5.     "errors"
  6.     "fmt"
  7.     "log"
  8.     "net/http"
  9.     "time"
  11.     "github.com/golangcollege/sessions"
  12. )
  14. var session *sessions.Session
  15. var secret = []byte("u46IpCV9y5Vlur8YvODJEhgOY8m9JVE4")
  17. // Note that the fields on the custom type are all exported.
  18. type User struct {
  19.     Name  string
  20.     Email string
  21. }
  23. func main() {
  24.     // Register the type with the encoding/gob package.
  25.     gob.Register(User{})
  27.     session = sessions.New(secret)
  28.     session.Lifetime = 3 * time.Hour
  30.     mux := http.NewServeMux()
  31.     mux.HandleFunc("/put", putHandler)
  32.     mux.HandleFunc("/get", getHandler)
  33.     http.ListenAndServe(":4000", session.Enable(mux))
  34. }
  36. func putHandler(w http.ResponseWriter, r *http.Request) {
  37.     user := User{"Alice", "alice@example.com"}
  38.     session.Put(r, "user", user)
  39.     w.WriteHeader(200)
  40. }
  42. func getHandler(w http.ResponseWriter, r *http.Request) {
  43.     user, ok := session.Get(r, "user").(User)
  44.     if !ok {
  45.         log.Println(errors.New("type assertion to User failed"))
  46.         http.Error(w, http.StatusText(500), 500)
  47.         return
  48.     }
  50.     fmt.Fprintf(w, "Name: %s, Email: %s", user.Name, user.Email)
  51. }