I have imported packages as
import (
"github.com/gorilla/sessions"
"github.com/gorilla/mux"
//CORS
"github.com/rs/cors"
"github.com/justinas/alice"
)
and defined store and main method as follow
var store = sessions.NewCookieStore([]byte("something-very-secret"))
const My_UI="http://localhost:3000"
func init() {
store.Options = &sessions.Options{
Path: "/",
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
}
}
var router = mux.NewRouter() //MUX Handeler
//MAIN Function
func main() {
c := cors.New(cors.Options{
AllowedOrigins: []string{My_UI},
})
router.HandleFunc("/submitted",Login)
router.HandleFunc("/check",GetSession)
http.Handle("/", router)
chain := alice.New(c.Handler).Then(router) //CORS enable
fmt.Println("server started at port 8080")
http.ListenAndServe(":8080", chain)
}
In my method I’ve created and set session value as describe in gorilla doc
func Login(w http.ResponseWriter, r *http.Request) {
fmt.Println("In login----------->")
sess := GetCon() //get connection session
defer sess.Close() //close session
c := sess.DB("mydb").C("users") //collection-> select db table
session1, _ := store.Get(r, "loginSession") //login session
//parse json data
form := LoginUser{}
err := json.NewDecoder(r.Body).Decode(&form)
if err !=nil {
fmt.Println(err)
}
//get query data
var result []Person
errc1 := c.Find(bson.M{"email":form.Email,"password":form.Password}).All(&result)
if errc1 != nil {
js, err2 := json.Marshal("false")
if err2 != nil{return}
w.Header().Set("Content-Type", "application/json")
w.Write(js)
} else {
if len(result)==0 {
if err2 != nil {
return
}
w.Header().Set("Content-Type", "application/json")
w.Write(js)
} else {
fmt.Println("Success")
session1.Values["foo"] = "bar"
session1.Save(r, w)
fmt.Println("saved",session1)
js, err2 := json.Marshal(&result[0].Id)
if err2 != nil {return}
w.Header().Set("Content-Type", "application/json")
w.Write(js)
}
}
}
Now if i want to get this session value in another method i got nil every time. don't know what goes wrong in my code.
func GetSession(w http.ResponseWriter, r *http.Request) {
session1, _ := store.Get(r, "loginSession")
fmt.Println("Session in SessionHandler",session1)
if session.Values["foo"] == nil {
fmt.Println("not found",session.Values["foo"]))
} else {
fmt.Println("value",session.Values["foo"])
}
}
You got a mistake at your GetSession function. Please change session variable to session1
Also to check if session value is present better do it this way:
session, err := store.Get(r, ssid)
if err == nil {
if value, ok := session.Values["foo"].(string); ok {
session_data = value
}
}
I don't know what value you what to get, but I assume you want a string value. I wrote simple func GetFoo() to get string value from session1.Values["foo"].
Full example below:
package main
import (
"fmt"
"net/http"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"github.com/justinas/alice"
"github.com/rs/cors"
)
var store = sessions.NewCookieStore([]byte("something-very-secret"))
const My_UI = "http://localhost:3000"
var router = mux.NewRouter() //MUX Handeler
//MAIN Function
func init() {
store.Options = &sessions.Options{
Path: "/",
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
}
}
func main() {
c := cors.New(cors.Options{
AllowedOrigins: []string{My_UI},
})
router.HandleFunc("/login", Login)
router.HandleFunc("/check", GetSession)
http.Handle("/", router)
chain := alice.New(c.Handler).Then(router) //CORS enable
fmt.Println("server started at port 8080")
http.ListenAndServe(":8080", chain)
}
func GetFoo(f interface{}) string {
if f != nil {
if foo, ok := f.(string); ok {
return foo
}
}
return ""
}
func GetSession(w http.ResponseWriter, r *http.Request) {
session1, _ := store.Get(r, "loginSession")
foo := GetFoo(session1.Values["foo"])
if foo == "" {
fmt.Println("Foo is not set! Login to set value.")
} else {
fmt.Println("Foo Value:", foo, ".")
}
}
func Login(w http.ResponseWriter, r *http.Request) {
// Save Foo
session1, _ := store.Get(r, "loginSession")
session1.Values["foo"] = "bar"
session1.Save(r, w)
}
Related
This code has two parts. One is to set and clear the session and the second part is login and logout.
What it does?
In the second part, If an email and password are found in the database and the match is true then it set the session and move to the about() function which has an about file. If the logout is called then it clears the session and redirects to the home page.
What it should do?
The problem is that even if I am logged out and the session is cleared, I can still visit an about page. I don't want to be allowed to visit an about page if I am not logged in.
First part
var cookieHandler = securecookie.New(
securecookie.GenerateRandomKey(64),
securecookie.GenerateRandomKey(32),
)
func setSession(email, password string, res http.ResponseWriter) {
value := map[string]string{ "email": email, "password": password}
encoded, err := cookieHandler.Encode("session", value)
if err == nil {
cookie := &http.Cookie{ Name: "session", Value: encoded, Path: "/"}
http.SetCookie(res, cookie)
}
}
func clearSession(res http.ResponseWriter) {
cookie := &http.Cookie{ Name: "session", Value: "", Path: "/", MaxAge: -1}
http.SetCookie(res, cookie)
}
Second part
func about(res http.ResponseWriter, req *http.Request) {
if err := tmpl.ExecuteTemplate(res, "about.html", nil); err != nil {
log.Fatal("template didn't execute", nil)
}
}
func loginAuth(res http.ResponseWriter, req *http.Request) {
email := req.FormValue("email")
password := req.FormValue("password")
match := database.Findaccount(email, password)
if match == true {
setSession(email, password, res)
about(res, req)
fmt.Println("You're logged in")
} else {
tmpl.ExecuteTemplate(res, "login.html", nil)
fmt.Println("Enter the correct email or password")
}
}
func logout(res http.ResponseWriter, req *http.Request) {
clearSession(res)
http.Redirect(res, req, "/", 302)
}
Few things you don't want to do, in general:
Don't use cookie encoder directly. Use a cookie session store.
Don't call an handler within an handler, prefer a redirect. This should prevent writing twice the headers/body on the response.
Don't pass the user/password in the cookie, even encoded, in 2021 we may even prevent sending that through the form at all (you might consider sending only a hash and re hash the hash on the server side to figure out if things are good to go).
Few things you always want to do:
Write tests.
Make use of middlewares.
Always provide small reproducible examples.
That being said, I have written a lookalike code with some stubs (mostly for db), I removed template support (i was not in the mood to write HTML) and more importantly I wrote tests !!
To the question How to clear the session :
Delete the values from the store, write the store
To the question and only visit an about page after login?:
Wrap that handler with a middleware that verifies login data attached to the user cookie store
-- main.go --
package main
import (
"crypto/sha256"
"encoding/gob"
"fmt"
"log"
"net/http"
"github.com/gorilla/mux"
"github.com/gorilla/securecookie"
"github.com/gorilla/sessions"
)
// Note: Don't store your key in your source code. Pass it via an
// environmental variable, or flag (or both), and don't accidentally commit it
// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
var store = sessions.NewCookieStore(
securecookie.GenerateRandomKey(32),
)
//emulate db package
func dbLookupUser(user, pwd string) bool {
return user == "user" && pwd == "pwd"
}
func dbLookupHash(h string) bool {
return h == hash("user", "pwd")
}
func hash(s ...interface{}) string {
hr := sha256.New()
fmt.Fprint(hr, s...)
return fmt.Sprintf("%x", hr.Sum(nil))
}
// hashKey is a typed key for the session map store to prevent unintented overwrites.
type hashKey string
func init() {
gob.Register(hashKey(""))
}
func loginAuth(res http.ResponseWriter, req *http.Request) {
email := req.FormValue("email")
password := req.FormValue("password")
match := dbLookupUser(email, password)
if match == true {
session, _ := store.Get(req, "session-name")
session.Values["hash"] = hash(email, password)
// Save it before we write to the response/return from the handler.
err := session.Save(req, res)
if err == nil {
// about(res, req) // don't!
// the about handler might want to setup its own http response headers
// That would conflict with what we did here.
// prefer a redirect
http.Redirect(res, req, "/about", http.StatusFound)
return
}
} else {
fmt.Fprintf(res, "try again") // use a templatee instead!
// tmpl.ExecuteTemplate(res, "login.html", nil)
}
}
func logout(res http.ResponseWriter, req *http.Request) {
session, _ := store.Get(req, "session-name")
delete(session.Values, hashKey("hash"))
_ = session.Save(req, res)
http.Redirect(res, req, "/", 302)
}
func about(res http.ResponseWriter, req *http.Request) {
fmt.Fprintf(res, "welcome to about page")
}
func requireLogin(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "session-name")
var h string
if x, ok := session.Values[hashKey("hash")]; ok {
h = x.(string)
}
var match bool
if h != "" {
match = dbLookupHash(h)
}
if !match {
// Write an error and stop the handler chain
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
next(w, r)
}
}
func main() {
r := mux.NewRouter()
r.HandleFunc("/", loginAuth)
r.HandleFunc("/logout", logout)
r.HandleFunc("/about", requireLogin(about))
log.Fatal(http.ListenAndServe("localhost:8080", r))
}
-- main_test.go --
package main
import (
"net/http"
"net/http/httptest"
"net/url"
"testing"
)
func TestLogin(t *testing.T) {
req := httptest.NewRequest("POST", "http://example.com/foo", nil)
form := url.Values{}
form.Set("email", "user")
form.Set("password", "pwd")
req.Form = form
w := httptest.NewRecorder()
loginAuth(w, req)
resp := w.Result()
// body, _ := io.ReadAll(resp.Body)
if wanted := http.StatusFound; resp.StatusCode != wanted {
t.Fatalf("invalid response code, got=%v wanted=%v", resp.StatusCode, wanted)
}
// implement more check
}
func TestLoginFailure(t *testing.T) {
req := httptest.NewRequest("POST", "http://example.com/foo", nil)
form := url.Values{}
form.Set("email", "!user")
form.Set("password", "!pwd")
req.Form = form
w := httptest.NewRecorder()
loginAuth(w, req)
resp := w.Result()
// body, _ := io.ReadAll(resp.Body)
if wanted := http.StatusOK; resp.StatusCode != wanted {
t.Fatalf("invalid response code, got=%v wanted=%v", resp.StatusCode, wanted)
}
// implement more check
}
func TestAboutNotLogged(t *testing.T) {
req := httptest.NewRequest("POST", "http://example.com/foo", nil)
w := httptest.NewRecorder()
requireLogin(about)(w, req)
resp := w.Result()
// body, _ := io.ReadAll(resp.Body)
if wanted := http.StatusForbidden; resp.StatusCode != wanted {
t.Fatalf("invalid response code, got=%v wanted=%v", resp.StatusCode, wanted)
}
// implement more check
}
func TestAboutLogged(t *testing.T) {
req := httptest.NewRequest("POST", "http://example.com/foo", nil)
w := httptest.NewRecorder()
session, _ := store.Get(req, "session-name")
session.Values[hashKey("hash")] = hash("user", "pwd")
err := session.Save(req, w)
if err != nil {
t.Fatal(err)
}
hdr := w.Header()
req.Header.Add("Cookie", hdr["Set-Cookie"][0])
w = httptest.NewRecorder()
requireLogin(about)(w, req)
resp := w.Result()
// body, _ := io.ReadAll(resp.Body)
if wanted := http.StatusOK; resp.StatusCode != wanted {
t.Fatalf("invalid response code, got=%v wanted=%v", resp.StatusCode, wanted)
}
// implement more check
}
I'm having an issue with gorilla/sessions. My sessions aren't being saved when sessions.NewCookieStore([]byte("veryprivatekey")) is from a different package/exported variable.
Here is what works:
What works
exampleproj/main.go
package main
import (
"fmt"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"net/http"
)
var store *sessions.CookieStore
var cookie_name = "sess"
func main() {
store = sessions.NewCookieStore([]byte("veryprivatekey"))
router := mux.NewRouter()
router.HandleFunc("/cookietest", cookietest)
router.HandleFunc("/cookietest2", cookietest2)
err := http.ListenAndServe(":8080", router)
if err != nil {
fmt.Print(err)
}
}
var cookietest = func(w http.ResponseWriter, r *http.Request) {
session, err := store.Get(r, cookie_name)
if err != nil {
fmt.Println(err)
}
session.Values["Stack"] = "Overflow"
err = session.Save(r,w)
if err != nil {
fmt.Println(err)
}
}
var cookietest2 = func(w http.ResponseWriter, r *http.Request) {
session, err := store.Get(r, cookie_name)
if err != nil {
fmt.Println(err)
}
fmt.Println("Stack: ", session.Values["Stack"])
}
(open localhost:8080/cookietest and check that a cookie was created)
The issue
Here is some code where sessions.CookieStore is from another package:
exampleproj/main.go
package main
import (
"expirements/example"
"fmt"
"github.com/gorilla/mux"
"net/http"
)
var cookie_name = "sess"
func main() {
router := mux.NewRouter()
router.HandleFunc("/cookietest", cookietest)
router.HandleFunc("/cookietest2", cookietest2)
err := http.ListenAndServe(":8080", router)
if err != nil {
fmt.Print(err)
}
}
var cookietest = func(w http.ResponseWriter, r *http.Request) {
session, err := example.Store.Get(r, cookie_name)
if err != nil {
fmt.Println(err)
}
session.Values["Stack"] = "Overflow"
err = session.Save(r,w)
if err != nil {
fmt.Println(err)
}
}
var cookietest2 = func(w http.ResponseWriter, r *http.Request) {
session, err := example.Store.Get(r, cookie_name)
if err != nil {
fmt.Println(err)
}
fmt.Println("Stack: ", session.Values["Stack"])
}
exampleproj/example/ex.go
package example
import (
"github.com/gorilla/sessions"
)
var Store *sessions.CookieStore
func init() {
Store = sessions.NewCookieStore([]byte("veryprivatekey"))
Store.Options = &sessions.Options{
//Domain: config.Host,
//Path: "/",
MaxAge: 259200,
Secure: true,
HttpOnly: true,
}
}
func GetStore() *sessions.CookieStore {
return Store
}
No cookies were set. I've also tried using GetStore() instead of example.Store, but that didn't work either. Am I supposed to declare a sessions.NewCookieStore for each package?
Solution is here - surprised I couldn't find more stackoverflow questions about this.
I'm writing a small package which does a GET request to an external API every 2 seconds. It takes the value from this request and passes it into a channel. I have made this channel available to a http.handler (chi router) which upgrades to a websocket where the front-end will grab the value in realtime. the panic error is a lot of lines but i guess the most important is this:
2018/11/14 16:47:55 http: response.WriteHeader on hijacked connection
2018/11/14 16:47:55 http: response.Write on hijacked connection
Aside from that I'm sure there is a better way of doing this. Any experienced Gophers out there have any pointers to help a noob such as myself improve this?
package currencyticker
import (
"bitbucket.org/special/api/config"
"encoding/json"
"fmt"
"github.com/go-chi/chi"
"github.com/go-chi/render"
"github.com/gorilla/websocket"
"github.com/leekchan/accounting"
"io/ioutil"
"log"
"math/big"
"net/http"
"time"
)
var (
ac = accounting.Accounting{Precision: 2}
from = "USD"
to = "EUR,SWK"
url = "https://min-api.currencyapi.com/data/price?fsym=" + from + "&tsyms=" + to
messages = make(chan float64)
)
var wsupgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
CheckOrigin: func(r *http.Request) bool {
return true // Disable CORS for testing
},
}
// Config - init
type Config struct {
*config.Config
}
type result map[string]float64
// New - init the configs
func New(configuration *config.Config) *Config {
return &Config{configuration}
}
// Routes - api urls
func (config *Config) Routes() *chi.Mux {
router := chi.NewRouter()
router.Use(
render.SetContentType(render.ContentTypeHTML), // Set content-Type headers as application/json
)
router.Get("/", config.GetPrice) // subscribe to new tweets
return router
}
func (config *Config) GetPrice(w http.ResponseWriter, r *http.Request) {
conn, err := wsupgrader.Upgrade(w, r, nil)
if err != nil {
fmt.Println(fmt.Printf("Failed to set websocket upgrade: %+v ", err))
return
}
for {
time.Sleep(1 * time.Second)
price := <-messages
w, err := conn.NextWriter(websocket.TextMessage)
if err != nil {
fmt.Println("ws error", err)
}
currVal := ac.FormatMoneyBigFloat(big.NewFloat(price))
if _, err := w.Write([]byte(currVal)); err != nil {
fmt.Printf("w.Write() returned %v", err)
}
w.Close()
}
}
// start getting the price of ether as soon as they ap starts
func init() {
go startPollingPriceAPI()
}
// Go Routine to start polling
func startPollingPriceAPI() {
for {
time.Sleep(2 * time.Second)
go getPriceFromAPI()
}
}
func getPriceFromAPI() {
w := http.Client{
// Timeout: time.Second * 3,
}
req, _ := http.NewRequest(http.MethodGet, url, nil)
res, err := w.Do(req)
if err != nil {
log.Println("err getting price [req]: ", err)
}
body, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Println("err getting price [io-read]: ", err)
}
r := result{}
if jsonErr := json.Unmarshal(body, &r); jsonErr != nil {
log.Println("err getting price [json]: ", jsonErr)
}
fmt.Println("1 Dollar = €", r["EUR"])
messages <- r["EUR"]
}
package main
import (
"net/http"
"net/http/httputil"
"net/url"
)
func main() {
target := &url.URL{Scheme: "http", Host: "www.google.com"}
proxy := httputil.NewSingleHostReverseProxy(target)
http.Handle("/google", proxy)
http.ListenAndServe(":8099", nil)
}
Reverse Proxy is works. How can I get the response body?
now httputil/reverseproxy, support than, see source
type ReverseProxy struct {
...
// ModifyResponse is an optional function that
// modifies the Response from the backend
// If it returns an error, the proxy returns a StatusBadGateway error.
ModifyResponse func(*http.Response) error
}
func rewriteBody(resp *http.Response) (err error) {
b, err := ioutil.ReadAll(resp.Body) //Read html
if err != nil {
return err
}
err = resp.Body.Close()
if err != nil {
return err
}
b = bytes.Replace(b, []byte("server"), []byte("schmerver"), -1) // replace html
body := ioutil.NopCloser(bytes.NewReader(b))
resp.Body = body
resp.ContentLength = int64(len(b))
resp.Header.Set("Content-Length", strconv.Itoa(len(b)))
return nil
}
// ...
target, _ := url.Parse("http://example.com")
proxy := httputil.NewSingleHostReverseProxy(target)
proxy.ModifyResponse = rewriteBody
httputil.ReverseProxy has a Transport field. You can use it to modify the response. For example:
type transport struct {
http.RoundTripper
}
func (t *transport) RoundTrip(req *http.Request) (resp *http.Response, err error) {
resp, err = t.RoundTripper.RoundTrip(req)
if err != nil {
return nil, err
}
b, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
err = resp.Body.Close()
if err != nil {
return nil, err
}
b = bytes.Replace(b, []byte("server"), []byte("schmerver"), -1)
body := ioutil.NopCloser(bytes.NewReader(b))
resp.Body = body
resp.ContentLength = int64(len(b))
resp.Header.Set("Content-Length", strconv.Itoa(len(b)))
return resp, nil
}
// ...
proxy := httputil.NewSingleHostReverseProxy(target)
proxy.Transport = &transport{http.DefaultTransport}
Playground example of the whole thing: http://play.golang.org/p/b0S5CbCMrI.
I don't know best solution. But you can do something like this:
package main
import (
"fmt"
"net/http"
"net/http/httputil"
"net/url"
)
func main() {
target := &url.URL{Scheme: "http", Host: "www.google.com"}
proxy := httputil.NewSingleHostReverseProxy(target)
http.Handle("/google", CustomHandler(proxy))
http.ListenAndServe(":8099", nil)
}
func CustomHandler(h http.Handler) http.HandlerFunc {
return func(res http.ResponseWriter, req *http.Request) {
h.ServeHTTP(NewCustomWriter(res), req)
}
}
type customWriter struct {
http.ResponseWriter
}
func NewCustomWriter(w http.ResponseWriter) *customWriter {
return &customWriter{w}
}
func (c *customWriter) Header() http.Header {
return c.ResponseWriter.Header()
}
func (c *customWriter) Write(data []byte) (int, error) {
fmt.Println(string(data)) //get response here
return c.ResponseWriter.Write(data)
}
func (c *customWriter) WriteHeader(i int) {
c.ResponseWriter.WriteHeader(i)
}
From source code httptest.ResponseRecorder is use for get the response from the handler
func TestModifyResponseClosesBody(t *testing.T) {
req, _ := http.NewRequest("GET", "http://foo.tld/", nil)
req.RemoteAddr = "1.2.3.4:56789"
closeCheck := new(checkCloser)
logBuf := new(bytes.Buffer)
outErr := errors.New("ModifyResponse error")
rp := &ReverseProxy{
Director: func(req *http.Request) {},
Transport: &staticTransport{&http.Response{
StatusCode: 200,
Body: closeCheck,
}},
ErrorLog: log.New(logBuf, "", 0),
ModifyResponse: func(*http.Response) error {
return outErr
},
}
rec := httptest.NewRecorder()
rp.ServeHTTP(rec, req)
res := rec.Result()
if g, e := res.StatusCode, http.StatusBadGateway; g != e {
t.Errorf("got res.StatusCode %d; expected %d", g, e)
}
if !closeCheck.closed {
t.Errorf("body should have been closed")
}
if g, e := logBuf.String(), outErr.Error(); !strings.Contains(g, e) {
t.Errorf("ErrorLog %q does not contain %q", g, e)
}
}
I cannot get value from session this way, it is nil:
session := initSession(r)
valWithOutType := session.Values[key]
Full code:
package main
import (
"fmt"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"log"
"net/http"
)
func main() {
rtr := mux.NewRouter()
rtr.HandleFunc("/setSession", handler1).Methods("GET")
rtr.HandleFunc("/getSession", handler2).Methods("GET")
http.Handle("/", rtr)
log.Println("Listening...")
http.ListenAndServe(":3000", http.DefaultServeMux)
}
func handler1(w http.ResponseWriter, r *http.Request) {
SetSessionValue(w, r, "key", "value")
w.Write([]byte("setSession"))
}
func handler2(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("getSession"))
value := GetSessionValue(w, r, "key")
fmt.Println("value from session")
fmt.Println(value)
}
var authKey = []byte("secret") // Authorization Key
var encKey = []byte("encKey") // Encryption Key
var store = sessions.NewCookieStore(authKey, encKey)
func initSession(r *http.Request) *sessions.Session {
store.Options = &sessions.Options{
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
}
session, err := store.Get(r, "golang_cookie")
if err != nil {
panic(err)
}
return session
}
func SetSessionValue(w http.ResponseWriter, r *http.Request, key, value string) {
session := initSession(r)
session.Values[key] = value
fmt.Printf("set session with key %s and value %s\n", key, value)
session.Save(r, w)
}
func GetSessionValue(w http.ResponseWriter, r *http.Request, key string) string {
session := initSession(r)
valWithOutType := session.Values[key]
fmt.Printf("valWithOutType: %s\n", valWithOutType)
value, ok := valWithOutType.(string)
if !ok {
fmt.Println("cannot get session value by key: " + key)
}
return value
}
Output:
myMac ~/forStack/session $ go run ./session.go
2015/01/30 16:47:26 Listening...
First I open url http://localhost:3000/setSession and get output:
set session with key key and value value
Then I open url http://localhost:3000/getSession and get output:
valWithOutType: %!s(<nil>)
cannot get session value by key: key
value from session
Why valWithOutType is nil, although I set it requesting /setSession?
Update
I changed code according to #isza answer, but session value is still nil.
package main
import (
"fmt"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"log"
"net/http"
)
func main() {
rtr := mux.NewRouter()
rtr.HandleFunc("/setSession", handler1).Methods("GET")
rtr.HandleFunc("/getSession", handler2).Methods("GET")
http.Handle("/", rtr)
log.Println("Listening...")
store.Options = &sessions.Options{
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
Path: "/", // to match all requests
}
http.ListenAndServe(":3000", http.DefaultServeMux)
}
func handler1(w http.ResponseWriter, r *http.Request) {
SetSessionValue(w, r, "key", "value")
w.Write([]byte("setSession"))
}
func handler2(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("getSession"))
value := GetSessionValue(w, r, "key")
fmt.Println("value from session")
fmt.Println(value)
}
var authKey = []byte("secret") // Authorization Key
var encKey = []byte("encKey") // Encryption Key
var store = sessions.NewCookieStore(authKey, encKey)
func initSession(r *http.Request) *sessions.Session {
session, err := store.Get(r, "golang_cookie")
if err != nil {
panic(err)
}
return session
}
func SetSessionValue(w http.ResponseWriter, r *http.Request, key, value string) {
session := initSession(r)
session.Values[key] = value
fmt.Printf("set session with key %s and value %s\n", key, value)
session.Save(r, w)
}
func GetSessionValue(w http.ResponseWriter, r *http.Request, key string) string {
session := initSession(r)
valWithOutType := session.Values[key]
fmt.Printf("valWithOutType: %s\n", valWithOutType)
value, ok := valWithOutType.(string)
if !ok {
fmt.Println("cannot get session value by key: " + key)
}
return value
}
What you are probably doing in your init session function with the get method you are restarting the whole session again so every time you do it the session is empty. I did a quick hack around what you wrote to show you where your error is. Please work around this example!
package appSession
import (
"net/http"
"fmt"
"log"
"github.com/gorilla/sessions"
)
var appSession *sessions.Session;
var authKey = []byte("qwer")
var encKey = []byte("asdf")
var store = sessions.NewCookieStore(authKey, encKey)
func initSession(r *http.Request) *sessions.Session {
log.Println("session before get", appSession)
if appSession != nil {
return appSession;
}
session, err := store.Get(r, "golang_cookie")
appSession = session;
log.Println("session after get", session)
if err != nil {
panic(err)
}
return session
}
func SetSessionValue(w http.ResponseWriter, r *http.Request, key, value string) {
session := initSession(r)
session.Values[key] = value
fmt.Printf("set session with key %s and value %s\n", key, value)
session.Save(r, w)
}
func GetSessionValue(w http.ResponseWriter, r *http.Request, key string) string {
session := initSession(r)
valWithOutType := session.Values[key]
fmt.Printf("valWithOutType: %s\n", valWithOutType)
value, ok := valWithOutType.(string)
log.Println("returned value: ", value);
if !ok {
fmt.Println("cannot get session value by key: " + key)
}
return value
}
In your initSession() function you change the store options:
store.Options = &sessions.Options{
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
}
The Options struct also contains an important Path field to which the cookie will apply. If you don't set it, its default value will be the empty string: "". This will most likely cause that the cookie will not be matched with any of your urls/paths, so your existing session will not be found.
Add a path to match all your urls like this:
store.Options = &sessions.Options{
Path: "/", // to match all requests
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
}
Also you shouldn't change store.Options in each call of initSession() since you call this in each incoming request. Just set this once when you create your store like this:
var store = sessions.NewCookieStore(authKey, encKey)
func init() {
store.Options = &sessions.Options{
Path: "/", // to match all requests
MaxAge: 3600 * 1, // 1 hour
HttpOnly: true,
}
}
As I have not found answer I decided not to use cookie store but use redis store for sessions. And I found full working example here
package main
import (
"fmt"
"github.com/aaudis/GoRedisSession"
"log"
"net/http"
)
var (
redis_session *rsess.SessionConnect
)
func main() {
// Configurable parameters
rsess.Prefix = "sess:" // session prefix (in Redis)
rsess.Expire = 1800 // 30 minute session expiration
// Connecting to Redis and creating storage instance
temp_sess, err := rsess.New("sid", 0, "127.0.0.1", 6379)
if err != nil {
log.Printf("%s", err)
}
redis_session = temp_sess // assing to global variable
http.HandleFunc("/", Root)
http.HandleFunc("/get", Get)
http.HandleFunc("/set", Set)
http.HandleFunc("/des", Des)
http.ListenAndServe(":8888", nil)
}
func Root(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Content-Type", "text/html")
fmt.Fprintf(w, `
Redis session storage example:<br><br>
Store key in session<br>
Get key value from session<br>
Destroy session
`)
}
// Destroy session
func Des(w http.ResponseWriter, r *http.Request) {
s := redis_session.Session(w, r)
s.Destroy(w)
fmt.Fprintf(w, "Session deleted!")
}
// Set variable to session
func Set(w http.ResponseWriter, r *http.Request) {
s := redis_session.Session(w, r)
s.Set("UserID", "1000")
fmt.Fprintf(w, "Setting session variable done!")
}
// Get variable from session
func Get(w http.ResponseWriter, r *http.Request) {
s := redis_session.Session(w, r)
fmt.Fprintf(w, "Value %s", s.Get("UserID"))
}
I played with your code for a long time and finally found out that it does not work, because you set the encryption key to an illegal value.
In the /gorilla/sessions documentation it says:
The encryption key, if set, must be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256 modes.
So since I believe that var encKey = []byte("encKey") simply does not follow this requirement. In turn, the cookie is not set in the first place.
See my code for reference. I basically added some more command line output and used a template with a redirect:
package main
import (
"fmt"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"html/template"
"log"
"net/http"
)
var authKey = []byte("secret") // Authorization Key
//var encKey = []byte("encKey") // Encryption Key
var store sessions.Store
func main() {
rtr := mux.NewRouter()
rtr.HandleFunc("/setSession/", handler1).Methods("GET")
rtr.HandleFunc("/getSession/", handler2).Methods("GET")
http.Handle("/", rtr)
store = GetCookieStore()
log.Println("Listening...")
http.ListenAndServe(":4000", http.DefaultServeMux)
}
//setting up the cookiestore
func GetCookieStore() sessions.Store {
//maxAge := 3600 * 1 // 1 hour
maxAge := 100
//cookieStore := sessions.NewCookieStore(authKey, encKey)
cookieStore := sessions.NewCookieStore(authKey)
cookieStore.Options.HttpOnly = true
cookieStore.Options.Path = "/" // to match all requests
cookieStore.MaxAge(maxAge)
return cookieStore
}
func handler1(w http.ResponseWriter, r *http.Request) {
t, _ := template.New("foo").Parse(getSessionTemplate)
SetSessionValue(w, r, "key", "value")
session := initSession(r)
fmt.Print("handler1: ")
fmt.Println(session)
Value, ok := session.Values["key"].(string)
if !ok {
fmt.Println("Type assertion to string failed or session value could not be retrieved.")
}
t.Execute(w, Value)
}
func handler2(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("getSession"))
session := initSession(r)
fmt.Print("handler2: ")
fmt.Println(session)
value := GetSessionValue(w, r, "key")
fmt.Println("value from session")
fmt.Println(value)
}
func initSession(r *http.Request) *sessions.Session {
session, err := store.Get(r, "_golang_cookie")
if err != nil {
panic(err)
}
return session
}
func SetSessionValue(w http.ResponseWriter, r *http.Request, key, value string) {
session := initSession(r)
session.Values[key] = value
fmt.Printf("set session with key %s and value %s\n", key, value)
session.Save(r, w)
fmt.Print("setsession: ")
fmt.Println(session)
}
func GetSessionValue(w http.ResponseWriter, r *http.Request, key string) string {
session := initSession(r)
fmt.Print("getsession: ")
fmt.Println(session)
valWithOutType := session.Values[key]
fmt.Printf("valWithOutType: %s\n", valWithOutType)
value, ok := valWithOutType.(string)
if !ok {
fmt.Println("cannot get session value by key: " + key)
}
return value
}
var getSessionTemplate = `
<p><label>Session value set:</label></p>
<p><label>Value: is now: {{.}}</label></p>
<p>Getsession</p>`