Session Management
aah Session library provides HTTP state management for web application and Stateless session for API application.
Features:
- Extensible
session.Storerinterface - HMAC Signed session data
- AES Encrypted session data
Out-of-the-box aah framework provides Cookie and File as a Session Store to persist encrypted session data. Also it provides extensible interface session.Storer for adapting other storage types; like Key-Value Database, NoSQL Database, and RDBMS. For your own store implementation, please refer session.FileStore; its very easy.
Non-cookie store session data is maintained via store interface. Only Session ID is transmitted over the wire via Cookie.
If you would like to add values of your custom types in the session. You have to register your custom types using gob.Register(...).
Reference to Session Configuration.
Table of Contents
- How to access current Session?
session.StorerInterface- Adding User-Defined Store into aah
- Configuring User-Defined Store into aah
How to access current Session?
You can access current in two ways from aah.Context.
ctx.Session()- it internally uses the below call.ctx.Subject().Session
session.Storer Interface
// Storer is interface for implementing pluggable session storage.
Storer interface {
Init(appCfg *config.Config) error
Read(id string) string
Save(id, value string) error
Delete(id string) error
IsExists(id string) bool
Cleanup(m *Manager)
}
Adding User-Defined Session Store into aah
Add the user-defined custom session store into aah framework.
// Refer `session.FileStore` for implementation sample
func init() {
aah.AddSessionStore("redis", &RedisSessionStore{})
}
Configuring User-Defined Session Store into aah
Configuring user-defined custom store for session data storage in the security.conf.
security {
session {
# ....
store {
type = "redis"
}
# ....
}
}