After reviewing the existing Go session libraries I found they were too complex. Sometimes without providing common features such as flash message storage or an easy way to be used as a middleware.
This library removes one feature I've never found a use for: multiple concurent sessions with different backends and cookies which drastically simplifies things. If you need that feature then the other, more complex libraries should be used.
This library is based on ideas and designs found in:
- don't require sessions for every user, just those that login (separate from CSRF cookie)
- make sessions available through multiple handlers via context
Option 1: always set session in ctx
session.Middleware(handler) (sets session in ctx even if we never call .Load()/.Save() later) session := session.Load(r) session.Save(w)
Option 2: in each middleware: (but how do we sync the session data?)
s := session.Load(r) // must do *r = *r.WithContext() if context doesn't already exist s.Save(w)
- https://github.com/gorilla/sessions
- https://github.com/go-session/session
- https://github.com/astaxie/beego/tree/develop/adapter/session
- https://github.com/gofiber/fiber/blob/master/middleware/session
Many session libraries want you to provide a configuration object specifying all the HTTP cookie options you want for the sessions. It makes more sense to simply provide a base http.Cookie
Several sessions libraries work by making an instance of a store or registry that contains the configuration. Then when a new session is created a reference to the store is added to it so it can save it self when requested by the client.