Gorilla Sessions

[!IMPORTANT] The latest version of this repository requires go 1.23 because of the new partitioned attribute. The last version that is compatible with older versions of go is v1.3.0.

gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

The key features are:

• Simple API: use it as an easy way to set signed (and optionally encrypted) cookies.
• Built-in backends to store sessions in cookies or the filesystem.
• Flash messages: session values that last until read.
• Convenient way to switch session persistency (aka "remember me") and set other attributes.
• Mechanism to rotate authentication and encryption keys.
• Multiple sessions per request, even using different backends.
• Interfaces and infrastructure for custom session backends: sessions from different stores can be retrieved and batch-saved using a common API.

Let's start with an example that shows the sessions API in a nutshell:

	import (
		"net/http"
		"github.com/gorilla/sessions"
	)

	// Note: Don't store your key in your source code. Pass it via an
	// environmental variable, or flag (or both), and don't accidentally commit it
	// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
	// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
	var store = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))

	func MyHandler(w http.ResponseWriter, r *http.Request) {
		// Get a session. We're ignoring the error resulted from decoding an
		// existing session: Get() always returns a session, even if empty.
		session, _ := store.Get(r, "session-name")
		// Set some session values.
		session.Values["foo"] = "bar"
		session.Values[42] = 43
		// Save it before we write to the response/return from the handler.
		err := session.Save(r, w)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}

First we initialize a session store calling NewCookieStore() and passing a secret key used to authenticate the session. Inside the handler, we call store.Get() to retrieve an existing session or create a new one. Then we set some session values in session.Values, which is a map[interface{}]interface{}. And finally we call session.Save() to save the session in the response.

More examples are available at package documentation.

Store Implementations

Other implementations of the sessions.Store interface:

• github.com/starJammer/gorilla-sessions-arangodb - ArangoDB
• github.com/yosssi/boltstore - Bolt
• github.com/srinathgs/couchbasestore - Couchbase
• github.com/denizeren/dynamostore - Dynamodb on AWS
• github.com/savaki/dynastore - DynamoDB on AWS (Official AWS library)
• github.com/bradleypeabody/gorilla-sessions-memcache - Memcache
• github.com/dsoprea/go-appengine-sessioncascade - Memcache/Datastore/Context in AppEngine
• github.com/kidstuff/mongostore - MongoDB
• github.com/srinathgs/mysqlstore - MySQL
• github.com/danielepintore/gorilla-sessions-mysql - MySQL
• github.com/EnumApps/clustersqlstore - MySQL Cluster
• github.com/antonlindstrom/pgstore - PostgreSQL
• github.com/boj/redistore - Redis
• github.com/rbcervilla/redisstore - Redis (Single, Sentinel, Cluster)
• github.com/boj/rethinkstore - RethinkDB
• github.com/boj/riakstore - Riak
• github.com/michaeljs1990/sqlitestore - SQLite
• github.com/wader/gormstore - GORM (MySQL, PostgreSQL, SQLite)
• github.com/gernest/qlstore - ql
• github.com/quasoft/memstore - In-memory implementation for use in unit tests
• github.com/lafriks/xormstore - XORM (MySQL, PostgreSQL, SQLite, Microsoft SQL Server, TiDB)
• github.com/GoogleCloudPlatform/firestore-gorilla-sessions - Cloud Firestore
• github.com/stephenafamo/crdbstore - CockroachDB
• github.com/ryicoh/tikvstore - TiKV

License

BSD licensed. See the LICENSE file for details.