Session Management

aah Session library provides HTTP state management for web application and Stateless session for API application.


  • Extensible session.Storer interface
  • HMAC Signed session data
  • AES Encrypted session data

Out-of-the-box aah framework provides Cookie and File as a Session Store to persist encrypted session data. Also it provides extensible interface session.Storer for adapting other storage types; like Key-Value Database, NoSQL Database, and RDBMS. For your own store implementation, please refer session.FileStore; its very easy.

Non-cookie store session data is maintained via store interface. Only Session ID is transmitted over the wire via Cookie.

If you would like to add values of your custom types in the session. You have to register your custom types using gob.Register(...).

Reference to Session Configuration.

Table of Contents

How to access current Session?

You can access current in two ways from aah.Context.

  • ctx.Session() - it internally uses the below call.
  • ctx.Subject().Session

session.Storer Interface

// Storer is interface for implementing pluggable session storage.
Storer interface {
	Init(appCfg *config.Config) error
	Read(id string) string
	Save(id, value string) error
	Delete(id string) error
	IsExists(id string) bool
	Cleanup(m *Manager)

Adding User-Defined Session Store into aah

Add the user-defined custom session store into aah framework.

// Refer `session.FileStore` for implementation sample
func init() {
  aah.AddSessionStore("redis", &RedisSessionStore{})

Configuring User-Defined Session Store into aah

Configuring user-defined custom store for session data storage in the security.conf.

security {
  session {
    # ....

    store {
      type = "redis"

    # ....