Session Management
aah session library provides HTTP state management for web applications and stateless session for API applications.
Features:
- HMAC Signed session data
- AES Encrypted session data
- Extensible
session.Storerinterface
aah provides ready-to-use Cookie and File session store to persist signed and encrypted session data. For custom session store (Key-Value Database, NoSQL Database, RDBMS, etc.), implement interface session.Storer and register in file <app-base-dir>/app/init.go (refer session.FileStore implementation; it is very easy to follow).
Note: In non-cookie session store, only Session ID is transmitted over the wire via Cookie.
To add values of custom data types in the session, register them using gob.Register(...).
Table of Contents
How to access current session?
Current session can be accessed via ctx.Session().
Adding user-defined session store into aah
Steps to add user-defined session store into aah:
- Implement interface
session.Storer(Refersession.FileStore). - Register it in aah at
<app-base-dir>/app/init.gofile. - Configure it in app session config.
Step 1: Implement interface session.Storer
//Implement interface `session.Storer` for custom session storage
type Storer interface {
Init(appCfg *config.Config) error
Read(id string) string
Save(id, value string) error
Delete(id string) error
IsExists(id string) bool
Cleanup(m *Manager)
}
Step 2: Add the newly created custom session store into aah
// Refer `session.FileStore` for implementation
func init() {
aah.App().AddSessionStore("redis", &RedisSessionStore{})
}
Step 3: Configure the added custom session store in the config file security.conf
security {
session {
# ....
store {
type = "redis"
}
# ....
}
}
Read more about authentication and authorization.