Session Management

aah session library provides HTTP state management for web applications and stateless session for API applications.


  • HMAC Signed session data
  • AES Encrypted session data
  • Extensible session.Storer interface

The library provides ready-to-use Cookie and File session store to persist signed and encrypted session data. For custom session store (Key-Value Database, NoSQL Database, RDBMS, etc.), implement interface session.Storer and register in file <app-base-dir>/app/init.go (refer session.FileStore; it is very easy to follow).

Note: In non-cookie session store, only `Session ID` is transmitted over the wire via Cookie.

To add values of custom data types in the session, register them using gob.Register(...).

Table of Contents

How to access current session?

Current session can be accessed via ctx.Session().

Adding user-defined session store into aah

Steps to add user-defined session store into aah:

  1. Implement interface session.Storer (Refer session.FileStore).
  2. Register it in aah at init.go file.
  3. Configure it in app session config.

Step 1: Implement interface session.Storer

//Implement interface `session.Storer` for custom session storage
type Storer interface {
	Init(appCfg *config.Config) error
	Read(id string) string
	Save(id, value string) error
	Delete(id string) error
	IsExists(id string) bool
	Cleanup(m *Manager)

Step 2: Add the newly created custom session store into aah

// Refer `session.FileStore` for implementation
func init() {
  aah.AddSessionStore("redis", &RedisSessionStore{})

Step 3: Configure the added custom session store in the config file security.conf

security {
  session {
    # ....

    store {
      type = "redis"

    # ....

Read more about authentication and authorization.