swithek / Sessionup

Licence: MIT
Straightforward HTTP session management

sessionup 🚀

Simple, yet effective HTTP session management and identification package

Features

  • Effortless session management:
    • Initialization.
    • Request authentication.
    • Retrieval of all sessions.
    • Revocation of the current session.
    • Revocation of all other sessions.
    • Revocation of all sessions.
  • Optionally identifiable sessions (IP address, OS, browser).
  • Authentication via middleware.
  • Fully customizable, but with sane defaults.
  • Lightweight.
  • Straightforward API.
  • Allows custom session stores.

Installation

go get github.com/swithek/sessionup

Usage

The first thing you will need, in order to start creating and validating your sessions, is a Manager:

store := memstore.New(time.Minute * 5)
manager := sessionup.NewManager(store)

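Out of the box, sessionup's Manager instance comes with OWASP-recommended configuration options already set, but if you need to customize the behaviour and the cookie values the Manager will use, you can provide your own options. Note that the Secure(false) option in the example below lets the browser send the session cookie over plain HTTP, so it suits local development rather than production: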

manager := sessionup.NewManager(store, sessionup.Secure(false), sessionup.ExpiresIn(time.Hour * 24))

During registration, login or whenever you want to create a fresh session, you have to call the Init method and provide a key by which the sessions will be grouped during revocation and retrieval. The key can be anything that identifies the owner of the session well: ID, email, username, etc.

func login(w http.ResponseWriter, r *http.Request) {
      userID := ...
      if err := manager.Init(w, r, userID); err != nil {
            // handle error
      }
      // success
}

You can store additional information with your session as well.

func login(w http.ResponseWriter, r *http.Request) {
      userID := ...
      err := manager.Init(w, r, userID, sessionup.MetaEntry("permission", "write"), sessionup.MetaEntry("age", "111"))
      if err != nil {
            // handle error
      }
      // success
}

The Public and Auth middlewares check whether the request has a cookie with a valid session ID and, if so, add the session to the request's context. Unlike Auth, Public does not call the Manager's rejection function (which is also customizable), so the wrapped handler still executes when no valid session is present.

http.Handle("/", manager.Public(publicHandler))
http.Handle("/private", manager.Auth(privateHandler))

There's a FetchAll method, should you want to retrieve all sessions under the same key as the current context session:

func retrieveAll(w http.ResponseWriter, r *http.Request) {
      sessions, err := manager.FetchAll(r.Context())
      if err != nil {
            // handle error
      }
      // success
}

When the time comes for session termination, use the Revoke method:

func logout(w http.ResponseWriter, r *http.Request) {
      if err := manager.Revoke(r.Context(), w); err != nil {
            // handle error
      }
      // success
}

What if you want to revoke all sessions under the same key as the current context session? Use RevokeAll:

func revokeAll(w http.ResponseWriter, r *http.Request) {
      if err := manager.RevokeAll(r.Context(), w); err != nil {
            // handle error
      }
      // success
}

... and if you want to revoke all sessions under the same key as the current context session excluding the current context session, use RevokeOther:

func revokeOther(w http.ResponseWriter, r *http.Request) {
      if err := manager.RevokeOther(r.Context()); err != nil {
            // handle error
      }
      // success
}
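
The Public / Auth distinction described above, reduced to a standard-library sketch that can be run without any store. This is an added example, not sessionup's code: the cookie name `session`, the `live` map and the `wrap`, `whoami` and `call` helpers are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type ctxKey struct{}

// live maps session ID -> owner key (constructed sample data).
var live = map[string]string{"sid-constructed-1": "user-42"}

// wrap stores the owner of the session named by the cookie in the request
// context (empty if none). With mustAuth (Auth) a request without a valid
// session is rejected; without it (Public) the handler runs either way.
func wrap(next http.Handler, mustAuth bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		owner, ok := "", false
		if c, err := r.Cookie("session"); err == nil { // name is an assumption
			owner, ok = live[c.Value]
		}
		if !ok && mustAuth {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, owner)))
	})
}

// whoami echoes the owner found in the context.
var whoami = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	owner, _ := r.Context().Value(ctxKey{}).(string)
	fmt.Fprintf(w, "owner=%q", owner)
})

// call sends one in-memory request with the given raw Cookie header.
func call(h http.Handler, cookie string) (int, string) {
	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set("Cookie", cookie)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(call(wrap(whoami, false), ""))                         // Public, no cookie
	fmt.Println(call(wrap(whoami, true), "session=sid-forged"))        // Auth, unknown ID
	fmt.Println(call(wrap(whoami, true), "session=sid-constructed-1")) // Auth, valid ID
}
```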

Sessions & Cookies

On each Init method call, a new random session ID will be generated. Since only the generated ID and no sensitive data is being stored in the cookie, there is no need to encrypt anything. If you think that the generation functionality lacks randomness or has other issues, pass your custom ID generation function as an option when creating a new Manager.

Store implementations

Custom stores need to implement the Store interface to be used by the Manager.

Limitations

sessionup offers server-only session storing and management, since revoking or retrieving sessions that are not in the incoming request is not possible with cookie stores.
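
Why revoking sessions other than the current one needs server-side state, shown as a standard-library sketch that also draws its session IDs from the OS CSPRNG. This is an added example, not sessionup's code or its Store interface: the `store` type and the `newID`, `create` and `revokeOther` names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// store keeps sessions on the server as ID -> owner key, so sessions absent
// from the current request can still be revoked. Sketch: no locking or expiry.
type store map[string]string

// newID returns 128 bits from the OS CSPRNG, URL-safe for use in a cookie.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a weaker source for session IDs
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// create registers a new session for owner and returns its ID.
func (s store) create(owner string) string {
	id := newID()
	s[id] = owner
	return id
}

// revokeOther deletes every session of keepID's owner except keepID itself
// and returns how many were removed (0 if keepID is unknown).
func (s store) revokeOther(keepID string) int {
	owner, ok := s[keepID]
	n := 0
	for id, o := range s {
		if ok && o == owner && id != keepID {
			delete(s, id)
			n++
		}
	}
	return n
}

func main() {
	s := store{}
	laptop, phone := s.create("user-42"), s.create("user-42")
	removed := s.revokeOther(laptop) // request came from the laptop
	_, phoneLive := s[phone]
	fmt.Println(removed, phoneLive, len(s))
}
```

A cookie-only design has nowhere to record that the second device's session was deleted, which is the limitation the paragraph above describes.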

Demo

You can see sessionup in action by trying out the demo in cmd/example/