Session Management
aah session library provides HTTP state management for web applications and stateless session for API applications.
Features:
- HMAC Signed session data
- AES Encrypted session data
- Extensible
session.Storer
interface
aah provides ready-to-use Cookie
and File
session store to persist signed and encrypted session data. For custom session store (Key-Value Database, NoSQL Database, RDBMS, etc.), implement interface session.Storer
and register in file <app-base-dir>/app/init.go
(refer session.FileStore
implementation; it is very easy to follow).
Note: In non-cookie session store, only Session ID
is transmitted over the wire via Cookie.
To add values of custom data types in the session, register them using gob.Register(...)
.
Table of Contents
How to access current session?
Current session can be accessed via ctx.Session()
.
Adding user-defined session store into aah
Steps to add user-defined session store into aah:
- Implement interface
session.Storer
(Refersession.FileStore
). - Register it in aah at
<app-base-dir>/app/init.go
file. - Configure it in app session config.
Step 1: Implement interface session.Storer
Step 2: Add the newly created custom session store into aah
Step 3: Configure the added custom session store in the config file security.conf
Read more about authentication and authorization.