Session Management
aah session library provides HTTP state management for web applications and stateless session for API applications.
Features:
- HMAC Signed session data
- AES Encrypted session data
- Extensible
session.Storer
interface
aah provides ready-to-use Cookie
and File
session store to persist signed and encrypted session data. For custom session store (Key-Value Database, NoSQL Database, RDBMS, etc.), implement interface session.Storer
and register in file <app-base-dir>/app/init.go
(refer session.FileStore
implementation; it is very easy to follow).
Note: In non-cookie session store, only Session ID
is transmitted over the wire via Cookie.
To add values of custom data types in the session, register them using gob.Register(...)
.
Table of Contents
How to access current session?
Current session can be accessed via ctx.Session()
.
Adding user-defined session store into aah
Steps to add user-defined session store into aah:
- Implement interface
session.Storer
(Refersession.FileStore
). - Register it in aah at
<app-base-dir>/app/init.go
file. - Configure it in app session config.
Step 1: Implement interface session.Storer
//Implement interface `session.Storer` for custom session storage
type Storer interface {
Init(appCfg *config.Config) error
Read(id string) string
Save(id, value string) error
Delete(id string) error
IsExists(id string) bool
Cleanup(m *Manager)
}
Step 2: Add the newly created custom session store into aah
// Refer `session.FileStore` for implementation
func init() {
aah.App().AddSessionStore("redis", &RedisSessionStore{})
}
Step 3: Configure the added custom session store in the config file security.conf
security {
session {
# ....
store {
type = "redis"
}
# ....
}
}
Read more about authentication and authorization.