// NewCookieStore returns a new CookieStore.
//
// Keys are defined in pairs to allow key rotation, but the common case is
// to set a single authentication key and optionally an encryption key.
//
// The first key in a pair is used for authentication and the second for
// encryption. The encryption key can be set to nil or omitted in the last
// pair, but the authentication key is required in all pairs.
//
// It is recommended to use an authentication key with 32 or 64 bytes.
// The encryption key, if set, must be either 16, 24, or 32 bytes to select
// AES-128, AES-192, or AES-256 modes.
//
// Use the convenience function securecookie.GenerateRandomKey() to create
// strong keys.
func NewCookieStore(keyPairs ...[]byte) *CookieStore {
return &CookieStore{
Codecs: securecookie.CodecsFromPairs(keyPairs...),
Options: &Options{
Path: "/",
MaxAge: 86400 * 30,
},
}
}
// NewFilesystemStore returns a new FilesystemStore.
//
// The path argument is the directory where sessions will be saved. If empty
// it will use os.TempDir().
//
// See NewCookieStore() for a description of the other parameters.
func NewFilesystemStore(path string, keyPairs ...[]byte) *FilesystemStore {
if path == "" {
path = os.TempDir()
}
if path[len(path)-1] != '/' {
path += "/"
}
return &FilesystemStore{
Codecs: securecookie.CodecsFromPairs(keyPairs...),
Options: &Options{
Path: "/",
MaxAge: 86400 * 30,
},
path: path,
}
}
package app
import (
"net/http"
"time"
"securecookie"
)
const (
flashKey string = "_flash"
)
var codecs = securecookie.CodecsFromPairs(kHashKey, kBlockKey)
// Subset of http://golang.org/pkg/net/http/#Cookie.
type CookieOptions struct {
MaxAge int
}
func SetCookie(name string, value interface{}, options *CookieOptions, w http.ResponseWriter) error {
encoded, err := securecookie.EncodeMulti(name, value, codecs...)
if err != nil {
return err
}
// NOTE(sadovsky): If path is not "/", Chrome will not set cookies on a 302
// redirect.
cookie := &http.Cookie{
Name: name,
Value: encoded,
