Session Management

aah session library provides HTTP state management for web applications and stateless session for API applications.


  • HMAC Signed session data
  • AES Encrypted session data
  • Extensible session.Storer interface

aah provides ready-to-use Cookie and File session store to persist signed and encrypted session data. For custom session store (Key-Value Database, NoSQL Database, RDBMS, etc.), implement interface session.Storer and register in file <app-base-dir>/app/init.go (refer session.FileStore implementation; it is very easy to follow).

Note: In non-cookie session store, only Session ID is transmitted over the wire via Cookie.

To add values of custom data types in the session, register them using gob.Register(...).

Table of Contents

How to access current session?

Current session can be accessed via ctx.Session().

Adding user-defined session store into aah

Steps to add user-defined session store into aah:

  1. Implement interface session.Storer (Refer session.FileStore).
  2. Register it in aah at <app-base-dir>/app/init.go file.
  3. Configure it in app session config.

Step 1: Implement interface session.Storer

//Implement interface `session.Storer` for custom session storage
type Storer interface {
	Init(appCfg *config.Config) error
	Read(id string) string
	Save(id, value string) error
	Delete(id string) error
	IsExists(id string) bool
	Cleanup(m *Manager)

Step 2: Add the newly created custom session store into aah

// Refer `session.FileStore` for implementation
func init() {
  aah.App().AddSessionStore("redis", &RedisSessionStore{})

Step 3: Configure the added custom session store in the config file security.conf

security {
  session {
    # ....

    store {
      type = "redis"

    # ....

Read more about authentication and authorization.