Title: Session Management
Desc: aah session provides HTTP state management for web applications and stateless session for API applications. aah session is HMAC signed and AES encrypted. aah customizes session storage via interface session.Storer.
Keywords: session, stateless session, stateful session, http state management, hmac signed, aes encrypted, external storage
aah session library provides HTTP state management for web applications and stateless session for API applications.
Features:
- HMAC Signed session data
- AES Encrypted session data
- Extensible session.Storer interface
aah provides ready-to-use Cookie and File session stores to persist signed and encrypted session data. For a custom session store (Key-Value Database, NoSQL Database, RDBMS, etc.), implement the interface session.Storer and register it in the file <app-base-dir>/app/init.go (refer to the session.FileStore implementation; it is very easy to follow).
Note: With a non-cookie session store, only the Session ID is transmitted over the wire via the Cookie.
To add values of custom data types to the session, register them using gob.Register(...).
The current session can be accessed via ctx.Session().
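To make the "HMAC signed, AES encrypted" and gob.Register(...) points concrete, here is an added example that is not aah's own code. The construction (AES-CTR under a random IV, then HMAC-SHA256 over IV and ciphertext) and the names Profile, Seal, Open and tag are assumptions for illustration; the keys and values are constructed.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/gob"
	"fmt"
)

type Profile struct{ Name string }      // hypothetical custom session value type
func init() { gob.Register(Profile{}) } // custom types held as interface{} must be registered
func tag(key, data []byte) []byte {     // HMAC-SHA256 of data under key
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

func Seal(values map[string]interface{}, b cipher.Block, signKey []byte) ([]byte, error) {
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(values); err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+buf.Len()) // layout: IV || ciphertext
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(b, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], buf.Bytes())
	return append(out, tag(signKey, out)...), nil // encrypt-then-MAC: tag covers IV and ciphertext
}

func Open(raw []byte, b cipher.Block, signKey []byte) (map[string]interface{}, error) {
	n := len(raw) - sha256.Size
	if n < aes.BlockSize || !hmac.Equal(raw[n:], tag(signKey, raw[:n])) { // constant-time check first
		return nil, fmt.Errorf("session value rejected: bad length or signature")
	}
	plain := make([]byte, n-aes.BlockSize)
	cipher.NewCTR(b, raw[:aes.BlockSize]).XORKeyStream(plain, raw[aes.BlockSize:n])
	values := map[string]interface{}{}
	return values, gob.NewDecoder(bytes.NewReader(plain)).Decode(&values)
}

func main() {
	b, _ := aes.NewCipher([]byte("constructed-32-byte-demo-key-000")) // constructed AES-256 key
	raw, _ := Seal(map[string]interface{}{"user": Profile{"demo"}}, b, []byte("constructed-sign-key"))
	raw[20] ^= 1 // one flipped ciphertext bit, as a modified cookie or store entry would carry
	fmt.Println(Open(raw, b, []byte("constructed-sign-key")))
}
```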
Steps to add a user-defined session store into aah:
- Implement interface session.Storer (refer to session.FileStore).
- Register it in aah in the <app-base-dir>/app/init.go file.
- Configure it in the app session config.
```go
// Implement interface `session.Storer` for custom session storage
type Storer interface {
	Init(appCfg *config.Config) error
	Read(id string) string
	Save(id, value string) error
	Delete(id string) error
	IsExists(id string) bool
	Cleanup(m *Manager)
}
```

```go
// Refer `session.FileStore` for implementation
func init() {
	aah.App().AddSessionStore("redis", &RedisSessionStore{})
}
```

```
security {
  session {
    # ....
    store {
      type = "redis"
    }
    # ....
  }
}
```

Read more about authentication and authorization.