When you work with an application, you open it, do some changes, and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn't maintain state.
Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser.
So; Session variables hold information about one single user, and are available to all pages in one application.
Tip: If you need a permanent storage, you may want to store the data in a database.
Iris has its own session implementation and sessions manager live inside the iris/sessions subpackage. You'll need to import this package in order to work with HTTP Sessions.
A session is started with the Start function of the Sessions object which is created with the New package-level function. That function will return a Session.
Session variables are set with the Session.Set method and retrieved by the Session.Get and its related methods. To delete a single variable use the Session.Delete. To delete and invalidate the whole session use the Session.Destroy method.
See all methods
The sessions manager is created using the New package-level function.
SessionIDGeneratorfunc(iris.Context)string// Defaults to "irissessionid".CookiestringCookieSecureTLSbool// Defaults to false.AllowReclaimbool// Defaults to nil.Encodefunc(cookieNamestring,valueinterface{})(string,error)// Defaults to nil.Decodefunc(cookieNamestring,cookieValuestring,vinterface{})error// Defaults to nil.EncodingEncoding// Defaults to infinitive/unlimited life duration(0).Expirestime.Duration// Defaults to false.DisableSubdomainPersistencebool
The return value a Sessions pointer exports the following methods.
In this example we will only allow authenticated users to view our secret message on the /secret age. To get access to it, the will first have to visit /login to get a valid session cookie, hich logs him in. Additionally he can visit /logout to revoke his access to our secret message.
// sessions.gopackagemainimport("github.com/kataras/iris/v12""github.com/kataras/iris/v12/sessions")var(cookieNameForSessionID="mycookiesessionnameid"sess=sessions.New(sessions.Config{Cookie:cookieNameForSessionID}))funcsecret(ctxiris.Context){// Check if user is authenticatedifauth,_:=sess.Start(ctx).GetBoolean("authenticated");!auth{ctx.StatusCode(iris.StatusForbidden)return}// Print secret messagectx.WriteString("The cake is a lie!")}funclogin(ctxiris.Context){session:=sess.Start(ctx)// Authentication goes here// ...// Set user as authenticatedsession.Set("authenticated",true)}funclogout(ctxiris.Context){session:=sess.Start(ctx)// Revoke users authenticationsession.Set("authenticated",false)// Or to remove the variable:session.Delete("authenticated")// Or destroy the whole session:session.Destroy()}funcmain(){app:=iris.New()app.Get("/secret",secret)app.Get("/login",login)app.Get("/logout",logout)app.Listen(":8080")}
Midddleware
When you want to use the Session in the same request handler and life cycle(chain of handlers, middlewares), you can optionally register it as a middleware and use the package-level sessions.Get to retrieve the stored-to-context session.
The Sessions struct value contains the Handler method which can be used to return an iris.Handler to be registered as middleware.
Also, if the sessions manager's Config.AllowReclaim is true then you can still call sess.Start as many times as you want in the same request life cycle without the need of registering it as a middleware.
