1
0
mirror of https://github.com/astaxie/beego.git synced 2024-12-23 08:10:50 +00:00
Beego/session
wang yan a768bf8f00 update hash algorithm for signing the cookie for xsrf token
Due to the chosen-prefix collision in SHA-1(details at https://sha-mbles.github.io/), SHA-1 hash functions should to be deprecated and SHA-2/SHA-3 should be used instead.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-06 17:31:24 +08:00
..
couchbase fix ineffectual 2017-04-28 22:36:28 +08:00
ledis all: simplify boolean expressions 2019-02-09 17:18:59 +03:00
memcache Fixed error handling in memcache sessions 2018-12-27 16:20:26 -08:00
mysql all: simplify boolean expressions 2019-02-09 17:18:59 +03:00
postgres all: simplify boolean expressions 2019-02-09 17:18:59 +03:00
redis add session redis IdleTimeout config 2018-07-12 10:48:50 +08:00
redis_cluster fix use it comments 2018-05-24 15:14:56 +08:00
redis_sentinel delete stackcheck config file and ignore some staticcheck checks 2019-01-22 20:21:00 +08:00
ssdb add golint check and fix all golints 2017-04-30 22:41:23 +08:00
README.md Update README.md 2014-05-05 16:21:50 +08:00
sess_cookie_test.go set session.managerconfig public 2016-08-13 21:07:27 +08:00
sess_cookie.go Fixes #2587 2017-04-23 19:19:05 +02:00
sess_file.go SessionRead: check of the length for input sid variable 2019-02-04 11:03:27 +05:00
sess_mem_test.go set session.managerconfig public 2016-08-13 21:07:27 +08:00
sess_mem.go remove comment 2016-03-01 13:39:36 +08:00
sess_test.go fix ineffectual 2017-04-28 22:36:28 +08:00
sess_utils.go update hash algorithm for signing the cookie for xsrf token 2020-02-06 17:31:24 +08:00
session.go add GetProvider 2018-12-13 15:37:19 +08:00

session

session is a Go session manager. It can use many session providers. Just like the database/sql and database/sql/driver.

How to install?

go get github.com/astaxie/beego/session

What providers are supported?

As of now this session manager support memory, file, Redis and MySQL.

How to use it?

First you must import it

import (
	"github.com/astaxie/beego/session"
)

Then in you web app init the global session manager

var globalSessions *session.Manager
  • Use memory as provider:

      func init() {
      	globalSessions, _ = session.NewManager("memory", `{"cookieName":"gosessionid","gclifetime":3600}`)
      	go globalSessions.GC()
      }
    
  • Use file as provider, the last param is the path where you want file to be stored:

      func init() {
      	globalSessions, _ = session.NewManager("file",`{"cookieName":"gosessionid","gclifetime":3600,"ProviderConfig":"./tmp"}`)
      	go globalSessions.GC()
      }
    
  • Use Redis as provider, the last param is the Redis conn address,poolsize,password:

      func init() {
      	globalSessions, _ = session.NewManager("redis", `{"cookieName":"gosessionid","gclifetime":3600,"ProviderConfig":"127.0.0.1:6379,100,astaxie"}`)
      	go globalSessions.GC()
      }
    
  • Use MySQL as provider, the last param is the DSN, learn more from mysql:

      func init() {
      	globalSessions, _ = session.NewManager(
      		"mysql", `{"cookieName":"gosessionid","gclifetime":3600,"ProviderConfig":"username:password@protocol(address)/dbname?param=value"}`)
      	go globalSessions.GC()
      }
    
  • Use Cookie as provider:

      func init() {
      	globalSessions, _ = session.NewManager(
      		"cookie", `{"cookieName":"gosessionid","enableSetCookie":false,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`)
      	go globalSessions.GC()
      }
    

Finally in the handlerfunc you can use it like this

func login(w http.ResponseWriter, r *http.Request) {
	sess := globalSessions.SessionStart(w, r)
	defer sess.SessionRelease(w)
	username := sess.Get("username")
	fmt.Println(username)
	if r.Method == "GET" {
		t, _ := template.ParseFiles("login.gtpl")
		t.Execute(w, nil)
	} else {
		fmt.Println("username:", r.Form["username"])
		sess.Set("username", r.Form["username"])
		fmt.Println("password:", r.Form["password"])
	}
}

How to write own provider?

When you develop a web app, maybe you want to write own provider because you must meet the requirements.

Writing a provider is easy. You only need to define two struct types (Session and Provider), which satisfy the interface definition. Maybe you will find the memory provider is a good example.

type SessionStore interface {
	Set(key, value interface{}) error     //set session value
	Get(key interface{}) interface{}      //get session value
	Delete(key interface{}) error         //delete session value
	SessionID() string                    //back current sessionID
	SessionRelease(w http.ResponseWriter) // release the resource & save data to provider & return the data
	Flush() error                         //delete all data
}

type Provider interface {
	SessionInit(gclifetime int64, config string) error
	SessionRead(sid string) (SessionStore, error)
	SessionExist(sid string) bool
	SessionRegenerate(oldsid, sid string) (SessionStore, error)
	SessionDestroy(sid string) error
	SessionAll() int //get all active session
	SessionGC()
}

LICENSE

BSD License http://creativecommons.org/licenses/BSD/