Sessions

这个例子将会展示如何通过流行的 gorilla/sessions 会话 cookies.

cookie 是存储在用户浏览器中的小数据,并在每次请求时发送到服务器。在它们中,我们可以存储用户是否登录到我们的网站,并找出它时间上是谁(在我们系统中.

在本例中,我们只允许经过身份验证在/secret 页上查看隐私的信息。要访问它,首先要访问/login得到有效的会话cookie.此外,他可以访问/logout 来注销我们访问私密信息的权限.

  1. // sessions.go
  2. package main
  4. import (
  5.     "fmt"
  6.     "net/http"
  8.     "github.com/gorilla/sessions"
  9. )
  11. var (
  12.     // key must be 16, 24 or 32 bytes long (AES-128, AES-192 or AES-256)
  13.     key = []byte("super-secret-key")
  14.     store = sessions.NewCookieStore(key)
  15. )
  17. func secret(w http.ResponseWriter, r *http.Request) {
  18.     session, _ := store.Get(r, "cookie-name")
  20.     // Check if user is authenticated
  21.     if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
  22.         http.Error(w, "Forbidden", http.StatusForbidden)
  23.         return
  24.     }
  26.     // Print secret message
  27.     fmt.Fprintln(w, "The cake is a lie!")
  28. }
  30. func login(w http.ResponseWriter, r *http.Request) {
  31.     session, _ := store.Get(r, "cookie-name")
  33.     // Authentication goes here
  34.     // ...
  36.     // Set user as authenticated
  37.     session.Values["authenticated"] = true
  38.     session.Save(r, w)
  39. }
  41. func logout(w http.ResponseWriter, r *http.Request) {
  42.     session, _ := store.Get(r, "cookie-name")
  44.     // Revoke users authentication
  45.     session.Values["authenticated"] = false
  46.     session.Save(r, w)
  47. }
  49. func main() {
  50.     http.HandleFunc("/secret", secret)
  51.     http.HandleFunc("/login", login)
  52.     http.HandleFunc("/logout", logout)
  54.     http.ListenAndServe(":8080", nil)
  55. }
  1. $ go run sessions.go
  3. $ curl -s http://localhost:8080/secret
  4. Forbidden
  6. $ curl -s -I http://localhost:8080/login
  7. Set-Cookie: cookie-name=MTQ4NzE5Mz...
  9. $ curl -s --cookie "cookie-name=MTQ4NzE5Mz..." http://localhost:8080/secret
  10. The cake is a lie!