我的书签
添加书签
移除书签Sessions
This example will show how to store data in session cookies using the popular gorilla/sessions package in Go.
Cookies are small pieces of data stored in the browser of a user and are sent to our server on each request. In them, we can store e.g. whether or not a user is logged in into our website and figure out who he actually is (in our system).
In this example we will only allow authenticated users to view our secret message on the /secret page. To get access to it, the will first have to visit /login to get a valid session cookie, which logs him in. Additionally he can visit /logout to revoke his access to our secret message.
// sessions.gopackage mainimport ("fmt""net/http""github.com/gorilla/sessions")var (// key must be 16, 24 or 32 bytes long (AES-128, AES-192 or AES-256)key = []byte("super-secret-key")store = sessions.NewCookieStore(key))func secret(w http.ResponseWriter, r *http.Request) {session, _ := store.Get(r, "cookie-name")// Check if user is authenticatedif auth, ok := session.Values["authenticated"].(bool); !ok || !auth {http.Error(w, "Forbidden", http.StatusForbidden)return}// Print secret messagefmt.Fprintln(w, "The cake is a lie!")}func login(w http.ResponseWriter, r *http.Request) {session, _ := store.Get(r, "cookie-name")// Authentication goes here// ...// Set user as authenticatedsession.Values["authenticated"] = truesession.Save(r, w)}func logout(w http.ResponseWriter, r *http.Request) {session, _ := store.Get(r, "cookie-name")// Revoke users authenticationsession.Values["authenticated"] = falsesession.Save(r, w)}func main() {http.HandleFunc("/secret", secret)http.HandleFunc("/login", login)http.HandleFunc("/logout", logout)http.ListenAndServe(":8080", nil)}
$ go run sessions.go$ curl -s http://localhost:8080/secretForbidden$ curl -s -I http://localhost:8080/loginSet-Cookie: cookie-name=MTQ4NzE5Mz...$ curl -s --cookie "cookie-name=MTQ4NzE5Mz..." http://localhost:8080/secretThe cake is a lie!
当前内容版权归 gowebexamples 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 gowebexamples .
