{"id":13409047,"url":"https://github.com/icza/session","last_synced_at":"2026-03-06T22:05:38.096Z","repository":{"id":57481704,"uuid":"51287865","full_name":"icza/session","owner":"icza","description":"Go session management for web servers (including support for Google App Engine - GAE).","archived":false,"fork":false,"pushed_at":"2024-08-24T18:45:01.000Z","size":63,"stargazers_count":118,"open_issues_count":4,"forks_count":15,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-08-13T18:06:43.661Z","etag":null,"topics":["gae","http-session","session-management"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/icza.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"icza"}},"created_at":"2016-02-08T09:07:07.000Z","updated_at":"2025-05-23T04:05:23.000Z","dependencies_parsed_at":"2024-10-26T04:53:07.482Z","dependency_job_id":"0fa68243-1898-4d98-9fde-e35383376330","html_url":"https://github.com/icza/session","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/icza/session","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icza%2Fsession","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icza%2Fsession/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icza%2Fsession/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icza%2Fsession/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/icza","download_url":"https://codeload.github.com/icza/session/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/icza%2Fsession/sbom","scorecard":{"id":480786,"data":{"date":"2025-08-11","repo":{"name":"github.com/icza/session","commit":"9d7186b56f455d202b8a29e7060e1e1150096e2f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 2/26 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'fixv1.0'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T16:34:02.948Z","repository_id":57481704,"created_at":"2025-08-19T16:34:02.949Z","updated_at":"2025-08-19T16:34:02.949Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30200756,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T19:07:06.838Z","status":"ssl_error","status_checked_at":"2026-03-06T18:57:34.882Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gae","http-session","session-management"],"created_at":"2024-07-30T20:00:57.566Z","updated_at":"2026-03-06T22:05:38.079Z","avatar_url":"https://github.com/icza.png","language":"Go","readme":"# Session\r\n\r\n[![Build Status](https://travis-ci.org/icza/session.svg?branch=master)](https://travis-ci.org/icza/session)\r\n[![GoDoc](https://godoc.org/github.com/icza/session?status.svg)](https://godoc.org/github.com/icza/session)\r\n[![Go Report Card](https://goreportcard.com/badge/github.com/icza/session)](https://goreportcard.com/report/github.com/icza/session)\r\n[![codecov](https://codecov.io/gh/icza/session/branch/master/graph/badge.svg)](https://codecov.io/gh/icza/session)\r\n\r\nThe [Go](https://golang.org/) standard library includes a nice [http server](https://golang.org/pkg/net/http/), but unfortunately it lacks a very basic and important feature: _HTTP session management_.\r\n\r\nThis package provides an easy-to-use, extensible and secure session implementation and management. Package documentation can be found and godoc.org:\r\n\r\nhttps://godoc.org/github.com/icza/session\r\n\r\nThis is \"just\" an HTTP session implementation and management, you can use it as-is, or with any existing Go web toolkits and frameworks.\r\n\r\n## Overview\r\n\r\nThere are 3 key _players_ in the package:\r\n\r\n- **`Session`** is the (HTTP) session interface. We can use it to store and retrieve constant and variable attributes from it.\r\n- **`Store`** is a session store interface which is responsible to store sessions and make them retrievable by their IDs at the server side.\r\n- **`Manager`** is a session manager interface which is responsible to acquire a `Session` from an (incoming) HTTP request, and to add a `Session` to an HTTP response to let the client know about the session. A `Manager` has a backing `Store` which is responsible to manage `Session` values at server side.\r\n\r\n_Players_ of this package are represented by interfaces, and various implementations are provided for all these players.\r\nYou are not bound by the provided implementations, feel free to provide your own implementations for any of the players.\r\n\r\n## Usage\r\n\r\nUsage can't be simpler than this. To get the current session associated with the [http.Request](https://golang.org/pkg/net/http/#Request):\r\n\r\n    sess := session.Get(r)\r\n    if sess == nil {\r\n        // No session (yet)\r\n    } else {\r\n        // We have a session, use it\r\n    }\r\n\r\nTo create a new session (e.g. on a successful login) and add it to an [http.ResponseWriter](https://golang.org/pkg/net/http/#ResponseWriter) (to let the client know about the session):\r\n\r\n    sess := session.NewSession()\r\n    session.Add(sess, w)\r\n\r\nLet's see a more advanced session creation: let's provide a constant attribute (for the lifetime of the session) and an initial, variable attribute:\r\n\r\n    sess := session.NewSessionOptions(\u0026session.SessOptions{\r\n        CAttrs: map[string]interface{}{\"UserName\": userName},\r\n        Attrs:  map[string]interface{}{\"Count\": 1},\r\n    })\r\n\r\nAnd to access these attributes and change value of `\"Count\"`:\r\n\r\n    userName := sess.CAttr(\"UserName\")\r\n    count := sess.Attr(\"Count\").(int) // Type assertion, you might wanna check if it succeeds\r\n    sess.SetAttr(\"Count\", count+1)    // Increment count\r\n\r\n(Of course variable attributes can be added later on too with `Session.SetAttr()`, not just at session creation.)\r\n\r\nTo remove a session (e.g. on logout):\r\n\r\n    session.Remove(sess, w)\r\n\r\nCheck out the [session demo application](https://github.com/icza/session/blob/master/_session_demo/session_demo.go) which shows all these in action.\r\n\r\n## Google App Engine support\r\n\r\nThe package https://github.com/icza/gaesession provides support for Google App Engine (GAE) platform.\r\n\r\nThe `gaesession` implementation stores sessions in the Memcache and also saves sessions in the Datastore as a backup\r\nin case data would be removed from the Memcache. This behaviour is optional, Datastore can be disabled completely.\r\nYou can also choose whether saving to Datastore happens synchronously (in the same goroutine)\r\nor asynchronously (in another goroutine), resulting in faster response times.\r\n\r\nFor details and examples, please visit https://github.com/icza/gaesession.\r\n","funding_links":["https://github.com/sponsors/icza"],"categories":["Authentication and Authorization","Authentication and OAuth","身份验证和OAuth","Authentication \u0026 OAuth","认证和授权","認證和授權","认证和OAuth授权","Uncategorized","\u003cspan id=\"身份验证和oauth-authentication-and-auth\"\u003e身份验证和OAuth Authentication and Auth\u003c/span\u003e"],"sub_categories":["Contents"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficza%2Fsession","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ficza%2Fsession","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficza%2Fsession/lists"}