Add an example for sessions + securecookie. Relative: http://support.iris-go.com/d/29-mark-cookie-for-session-as-secure

Former-commit-id: 10c30aabdf6b8fa59457ed8296b3e87108d3861c
2026-01-07 12:07:28 +00:00 · 2017-03-18 23:43:04 +02:00
parent d51c0b7b50
commit 73dc9adf10
9 changed files with 213 additions and 81 deletions
--- a/adaptors/sessions/_examples/database/main.go
+++ b/adaptors/sessions/_examples/database/main.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"gopkg.in/kataras/iris.v6"
+	"gopkg.in/kataras/iris.v6/adaptors/httprouter"
+	"gopkg.in/kataras/iris.v6/adaptors/sessions"
+	"gopkg.in/kataras/iris.v6/adaptors/sessions/sessiondb/redis"
+	"gopkg.in/kataras/iris.v6/adaptors/sessions/sessiondb/redis/service"
+)
+
+func main() {
+	// replace with your running redis' server settings:
+	db := redis.New(service.Config{Network: service.DefaultRedisNetwork,
+		Addr:          service.DefaultRedisAddr,
+		Password:      "",
+		Database:      "",
+		MaxIdle:       0,
+		MaxActive:     0,
+		IdleTimeout:   service.DefaultRedisIdleTimeout,
+		Prefix:        "",
+		MaxAgeSeconds: service.DefaultRedisMaxAgeSeconds}) // optionally configure the bridge between your redis server
+
+	mySessions := sessions.New(sessions.Config{Cookie: "mysessionid"})
+
+	//
+	// IMPORTANT:
+	//
+	mySessions.UseDatabase(db)
+
+	// the rest of the code stays the same.
+	app := iris.New()
+	app.Adapt(iris.DevLogger()) // enable all (error) logs
+	app.Adapt(httprouter.New()) // select the httprouter as the servemux
+
+	// Adapt the session manager we just created
+	app.Adapt(mySessions)
+
+	app.Get("/", func(ctx *iris.Context) {
+		ctx.Writef("You should navigate to the /set, /get, /delete, /clear,/destroy instead")
+	})
+	app.Get("/set", func(ctx *iris.Context) {
+
+		//set session values
+		ctx.Session().Set("name", "iris")
+
+		//test if setted here
+		ctx.Writef("All ok session setted to: %s", ctx.Session().GetString("name"))
+	})
+
+	app.Get("/get", func(ctx *iris.Context) {
+		// get a specific key, as string, if no found returns just an empty string
+		name := ctx.Session().GetString("name")
+
+		ctx.Writef("The name on the /set was: %s", name)
+	})
+
+	app.Get("/delete", func(ctx *iris.Context) {
+		// delete a specific key
+		ctx.Session().Delete("name")
+	})
+
+	app.Get("/clear", func(ctx *iris.Context) {
+		// removes all entries
+		ctx.Session().Clear()
+	})
+
+	app.Get("/destroy", func(ctx *iris.Context) {
+		//destroy, removes the entire session data and cookie
+		ctx.SessionDestroy()
+	})
+
+	app.Listen(":8080")
+}
--- a/adaptors/sessions/_examples/securecookie/main.go
+++ b/adaptors/sessions/_examples/securecookie/main.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	// developers can use any library to add a custom cookie encoder/decoder.
+	// At this example we use the gorilla's securecookie library:
+	"github.com/gorilla/securecookie"
+
+	"gopkg.in/kataras/iris.v6"
+	"gopkg.in/kataras/iris.v6/adaptors/httprouter"
+	"gopkg.in/kataras/iris.v6/adaptors/sessions"
+)
+
+func main() {
+	app := iris.New()
+	app.Adapt(iris.DevLogger()) // enable all (error) logs
+	app.Adapt(httprouter.New()) // select the httprouter as the servemux
+
+	cookieName := "mycustomsessionid"
+	// AES only supports key sizes of 16, 24 or 32 bytes.
+	// You either need to provide exactly that amount or you derive the key from what you type in.
+	hashKey := []byte("the-big-and-secret-fash-key-here")
+	blockKey := []byte("lot-secret-of-characters-big-too")
+	secureCookie := securecookie.New(hashKey, blockKey)
+
+	mySessions := sessions.New(sessions.Config{
+		Cookie: cookieName,
+		Encode: secureCookie.Encode,
+		Decode: secureCookie.Decode,
+	})
+
+	app.Adapt(mySessions)
+
+	// OPTIONALLY:
+	// import "gopkg.in/kataras/iris.v6/adaptors/sessions/sessiondb/redis"
+	// or import "github.com/kataras/go-sessions/sessiondb/$any_available_community_database"
+	// mySessions.UseDatabase(redis.New(...))
+
+	app.Adapt(mySessions) // Adapt the session manager we just created.
+
+	app.Get("/", func(ctx *iris.Context) {
+		ctx.Writef("You should navigate to the /set, /get, /delete, /clear,/destroy instead")
+	})
+	app.Get("/set", func(ctx *iris.Context) {
+
+		//set session values
+		ctx.Session().Set("name", "iris")
+
+		//test if setted here
+		ctx.Writef("All ok session setted to: %s", ctx.Session().GetString("name"))
+	})
+
+	app.Get("/get", func(ctx *iris.Context) {
+		// get a specific key, as string, if no found returns just an empty string
+		name := ctx.Session().GetString("name")
+
+		ctx.Writef("The name on the /set was: %s", name)
+	})
+
+	app.Get("/delete", func(ctx *iris.Context) {
+		// delete a specific key
+		ctx.Session().Delete("name")
+	})
+
+	app.Get("/clear", func(ctx *iris.Context) {
+		// removes all entries
+		ctx.Session().Clear()
+	})
+
+	app.Get("/destroy", func(ctx *iris.Context) {
+		//destroy, removes the entire session data and cookie
+		ctx.SessionDestroy()
+	}) // Note about destroy:
+	//
+	// You can destroy a session outside of a handler too, using the:
+	// mySessions.DestroyByID
+	// mySessions.DestroyAll
+
+	app.Listen(":8080")
+}
--- a/adaptors/sessions/_examples/standalone/main.go
+++ b/adaptors/sessions/_examples/standalone/main.go
@@ -0,0 +1,82 @@
+package main
+
+import (
+	"time"
+
+	"gopkg.in/kataras/iris.v6"
+	"gopkg.in/kataras/iris.v6/adaptors/httprouter"
+	"gopkg.in/kataras/iris.v6/adaptors/sessions"
+)
+
+func main() {
+	app := iris.New()
+	app.Adapt(iris.DevLogger()) // enable all (error) logs
+	app.Adapt(httprouter.New()) // select the httprouter as the servemux
+
+	mySessions := sessions.New(sessions.Config{
+		// Cookie string, the session's client cookie name, for example: "mysessionid"
+		//
+		// Defaults to "irissessionid"
+		Cookie: "mysessionid",
+		// it's time.Duration, from the time cookie is created, how long it can be alive?
+		// 0 means no expire.
+		// -1 means expire when browser closes
+		// or set a value, like 2 hours:
+		Expires: time.Hour * 2,
+		// the length of the sessionid's cookie's value
+		CookieLength: 32,
+		// if you want to invalid cookies on different subdomains
+		// of the same host, then enable it
+		DisableSubdomainPersistence: false,
+		// want to be crazy safe? Take a look at the "securecookie" example folder.
+	})
+
+	// OPTIONALLY:
+	// import "gopkg.in/kataras/iris.v6/adaptors/sessions/sessiondb/redis"
+	// or import "github.com/kataras/go-sessions/sessiondb/$any_available_community_database"
+	// mySessions.UseDatabase(redis.New(...))
+
+	app.Adapt(mySessions) // Adapt the session manager we just created.
+
+	app.Get("/", func(ctx *iris.Context) {
+		ctx.Writef("You should navigate to the /set, /get, /delete, /clear,/destroy instead")
+	})
+	app.Get("/set", func(ctx *iris.Context) {
+
+		//set session values
+		ctx.Session().Set("name", "iris")
+
+		//test if setted here
+		ctx.Writef("All ok session setted to: %s", ctx.Session().GetString("name"))
+	})
+
+	app.Get("/get", func(ctx *iris.Context) {
+		// get a specific key, as string, if no found returns just an empty string
+		name := ctx.Session().GetString("name")
+
+		ctx.Writef("The name on the /set was: %s", name)
+	})
+
+	app.Get("/delete", func(ctx *iris.Context) {
+		// delete a specific key
+		ctx.Session().Delete("name")
+	})
+
+	app.Get("/clear", func(ctx *iris.Context) {
+		// removes all entries
+		ctx.Session().Clear()
+	})
+
+	app.Get("/destroy", func(ctx *iris.Context) {
+
+		//destroy, removes the entire session data and cookie
+		ctx.SessionDestroy()
+	})
+	// Note about Destroy:
+	//
+	// You can destroy a session outside of a handler too, using the:
+	// mySessions.DestroyByID
+	// mySessions.DestroyAll
+
+	app.Listen(":8080")
+}