Title: Session Management Desc: aah Session provides HTTP state management for web application and Stateless Session for API application. HMAC Signed session data, AES Encrypted session data, Extensible session.Storer interface. Keywords: session, stateless session, stateful session, http state management, hmac signed, aes encrypted, external store
aah Session library provides HTTP state management for web application and Stateless session for API application.
Features:
- Extensible
session.Storerinterface - HMAC Signed session data
- AES Encrypted session data
Out-of-the-box aah framework provides Cookie and File as a Session Store to persist encrypted session data. Also it provides extensible interface session.Storer for adapting other storage types; like Key-Value Database, NoSQL Database, and RDBMS. For implementation sample please refer session.FileStore; it's very easy.
Non-cookie store session data is maintained via store interface. Only Session ID is transmitted over the wire via Cookie.
If you would like to store custom types in session then Register your custom types using gob.Register(...).
Reference to Session Configuration.
// Storer is interface for implementing pluggable session storage.
Storer interface {
Init(appCfg *config.Config) error
Read(id string) string
Save(id, value string) error
Delete(id string) error
IsExists(id string) bool
Cleanup(m *Manager)
}Add the user-defined custom session store into aah framework.
// Refer `session.FileStore` for implementation sample
func init() {
aah.AddSessionStore("redis", &RedisSessionStore{})
}Configuring user-defined custom store for session data storage in the security.conf.
security {
session {
# ....
store {
type = "redis"
}
# ....
}
}