How to make the remember me functionality in a Go web application?

D

Dmitry Shnyrev2014-11-13 13:03:29

go

Dmitry Shnyrev, 2014-11-13 13:03:29

Hello.
Suggest a solution.
based on www.gorillatoolkit.org/pkg/sessions made user authorization

sessionStore = sessions.NewCookieStore([]byte(config.Secret))
sessionStore.Options = &sessions.Options{
HttpOnly: true,
Secure:   false,
}

the default is Expiration for Session Cookies (until the browser is closed).
It is perfectly.
But we need to make Remember me functional.
do after authorization

session.Options = &sessions.Options{MaxAge: 86400 * 7}

it is clear that the response to the MaxAge post request comes, but after the redirect it disappears again, i.e. again - default values are included.
How would it be more correct to do so that for this user the MaxAge value is not reset.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry Shnyrev, 2014-11-13
@dmnBrest

In general, I read on the Internet that you don’t need to change anything in the session cookie itself, but you just need to create another remember_me cookie that will contain something completely secret, which will allow you to identify the user on the server side and log in. And already in this very cookie, set the MaxAge you need.
Here it is very cool written about it and not only about it, but also about the entire authorization system as a whole.
stackoverflow.com/questions/549/the-definitive-gui...
about remember_me, I advise you to read
fishbowl.pastiche.org/2004/01/19/persistent_login_...

U

uvelichitel, 2014-11-13
@uvelichitel

Try
sessionStore.Options = &sessions.Options{
HttpOnly: true,
Secure: false,
}
And don't forget
session.Save(r, w)