Sessions: Cross Web Server Session

@CasperHK That's what you get by default with cookies: as long as servers are all part of the same domain (e.g. github.com, or *.github.com) then the cookie will be sent by the browser.

Alternatively, sessions also supports server-side stores - all servers would need to be able to connect to that store (be it Redis, or PostgreSQL, etc).

gorilla/session seems great for my task. Actually, I want to use Go on my final year project in my university and now I have 12 ubuntu servers under the same domain. Some of them will be used as web servers and one will be used as a MySQL database server. Therefore, I want to implement a MySQL-based session service to allow session data synchronized in all web servers.
Previously, I tried to program the MySQL-based cross server session. If srinathgs/mysqlstore provide a easier way to do the same, it is great for me to study and simplify my work.

Use the default CookieStore, and if all servers have the same signing key,
and exist on the same domain, it will work as is.

On Sun, Jul 24, 2016 at 10:48 PM Casper LI [email protected] wrote:

gorilla/session seems great for my task. Actually, I want to use Go on my
final year project in my university and now I have 12 ubuntu servers under
the same domain. Some of them will be used as web servers and one will be
used as a MySQL database server. Therefore, I want to implement a
MySQL-based session service to allow session data synchronized in all web
servers.
Previously, I tried to program the MySQL-based cross server session. If "
github.com/gorilla/sessions" provide a easier way to do the same, it is
great for me to study and simplify my work.

—
You are receiving this because you were assigned.

Reply to this email directly, view it on GitHub
https://github.com/gorilla/sessions/issues/87#issuecomment-234845955,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABIcNfC7H8DrZq5NX1Tu7W_Vd1LM5BIks5qZE43gaJpZM4JTizF
.

Sorry, I want to ask what the default CookieStore and the signing key are? CookieStore means gorilla/sessions package?

Yes. Take a look at http://www.gorillatoolkit.org/pkg/sessions -

• something-very-secret is the signing key
• sessions.NewCookieStore returns a *CookieStore, which does not require a database/shared state between your servers.

import (
    "net/http"
    "github.com/gorilla/sessions"
)

var store = sessions.NewCookieStore([]byte("something-very-secret"))

func MyHandler(w http.ResponseWriter, r *http.Request) {
    // Get a session. We're ignoring the error resulted from decoding an
    // existing session: Get() always returns a session, even if empty.
    session, err := store.Get(r, "session-name")
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }

    // Set some session values.
    session.Values["foo"] = "bar"
    session.Values[42] = 43
    // Save it before we write to the response/return from the handler.
    session.Save(r, w)
}

I have read the code. When I look at

var store = sessions.NewCookieStore([]byte("something-very-secret")) 

I wonder whether the store variable is used in every handlers through out the project. If so, it seems that I need to wrap it in another package and make it exported. This is because I separated all different handlers in different packages according to which page they are serving, (e.g. index, projbrwsr, codeeditor) and those handler have to call to the same Store.

something-very-secret is said to be a secret key but I don't have any idea what I should pass to the function NewCookieStore().

Inject store (sessions.Store) as a dependency into your other packages.

On Mon, Jul 25, 2016 at 8:57 AM Casper LI [email protected] wrote:

I have read the code. When I look at

var store = sessions.NewCookieStore([]byte("something-very-secret"))

I wonder whether the store variable is used in every handlers through out
the project. If so, it seems that I need to wrap it in another package and
make it exported. This is because I separated all different handlers in
different packages according to which page they are serving, (e.g. index,
projbrwsr, codeeditor) and those handler have to call to the same Store.
[image: image]
https://cloud.githubusercontent.com/assets/6957401/17107410/a34dcc50-52c1-11e6-92f7-a4227da60244.png

—
You are receiving this because you were assigned.

Reply to this email directly, view it on GitHub
https://github.com/gorilla/sessions/issues/87#issuecomment-234996994,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABIcOHzeq8IabUoj-SZx_B-7er-PJf9ks5qZNzsgaJpZM4JTizF
.

something-very-secret is said to be a secret key but I don't have any idea what I should pass to the function NewCookieStore().

https://godoc.org/github.com/gorilla/sessions#NewCookieStore

Keys are defined in pairs to allow key rotation, but the common case is to set a single authentication key and optionally an encryption key.
The first key in a pair is used for authentication and the second for encryption. The encryption key can be set to nil or omitted in the last pair, but the authentication key is required in all pairs.

NewCookieStore takes an authentication/signing key and an (optional) encryption key.

Sorry, Iam quite new to Go. Could you explain more about Inject store or give me a link for explanation? Thank you.

@CasperHK Have your packages' constructors accept their dependencies - e.g.

• NewProjectBrowser(store sessions.Store, debug bool) (*ProjectBrowser, error) { ... }
• NewCodeEditor(store sessions.Store) (*CodeEditor, error) { ... }

In main.go

func main() {
    // Create a store, and then pass it (inject it) into your other packages via their constructors
    store  := sessions.NewCookieStore(key)
    ...
    ce, err := package.NewCodeEditor(store)
    ...
    pb, err := package.NewProjectBrowser(store)
    ...
}

Closing due to inactivity.