{"id":26936562,"url":"https://github.com/jellydator/sessionup","last_synced_at":"2025-04-09T14:06:10.605Z","repository":{"id":36419139,"uuid":"198490833","full_name":"jellydator/sessionup","owner":"jellydator","description":"Straightforward HTTP session management","archived":false,"fork":false,"pushed_at":"2025-03-20T17:04:35.000Z","size":55,"stargazers_count":123,"open_issues_count":3,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-20T17:38:22.917Z","etag":null,"topics":["authentication","cookies","go","golang","http","session","session-management"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jellydator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-23T18:55:21.000Z","updated_at":"2025-03-20T17:01:57.000Z","dependencies_parsed_at":"2025-03-20T17:38:30.481Z","dependency_job_id":null,"html_url":"https://github.com/jellydator/sessionup","commit_stats":null,"previous_names":["jellydator/sessionup"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jellydator%2Fsessionup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jellydator%2Fsessionup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jellydator%2Fsessionup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jellydator%2Fsessionup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/o
wners/jellydator","download_url":"https://codeload.github.com/jellydator/sessionup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248054230,"owners_count":21039952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cookies","go","golang","http","session","session-management"],"created_at":"2025-04-02T13:00:32.997Z","updated_at":"2025-04-09T14:06:10.565Z","avatar_url":"https://github.com/jellydator.png","language":"Go","readme":"# sessionup 🚀\n\n[![GoDoc](https://godoc.org/github.com/jellydator/sessionup?status.png)](https://godoc.org/github.com/jellydator/sessionup)\n[![Build status](https://travis-ci.org/jellydator/sessionup.svg?branch=master)](https://travis-ci.org/jellydator/sessionup)\n[![Test coverage](http://gocover.io/_badge/github.com/jellydator/sessionup)](https://gocover.io/github.com/jellydator/sessionup)\n[![Go Report Card](https://goreportcard.com/badge/github.com/jellydator/sessionup)](https://goreportcard.com/report/github.com/jellydator/sessionup)\n\nSimple, yet effective HTTP session management and identification package\n\n## Features\n- Effortless session management:\n  - Initialization.\n  - Request authentication.\n  - Retrieval of all sessions.\n  - Revocation of the current session.\n  - Revocation of all *other* sessions.\n  - Revocation of all sessions.\n- Optionally identifiable sessions (IP address, OS, browser).\n- Authentication via middleware.\n- Fully customizable, but with sane defaults.\n- Lightweight.\n- Straightforward API.\n- Allows custom session 
stores.\n\n## Installation\n```\ngo get github.com/jellydator/sessionup\n```\n\n## Usage\nThe first thing you will need, in order to start creating and validating your sessions, is a Manager:\n```go\nstore := memstore.New(time.Minute * 5)\nmanager := sessionup.NewManager(store)\n```\n\nOut of the box, sessionup's Manager instance comes with the recommended [OWASP](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#binding-the-session-id-to-other-user-properties) \nconfiguration options already set, but if you feel the need to customize the behaviour and the cookie values the Manager\nwill use, you can easily provide your own options:\n```go\nmanager := sessionup.NewManager(store, sessionup.Secure(false), sessionup.ExpiresIn(time.Hour * 24))\n```\n\nDuring registration, login or whenever you want to create a fresh session, you have to call the `Init` method and provide\na key by which the sessions will be grouped during revocation and retrieval. The key can be anything that defines the owner \nof the session well: ID, email, username, etc.\n```go\nfunc login(w http.ResponseWriter, r *http.Request) {\n      userID := ...\n      if err := manager.Init(w, r, userID); err != nil {\n            // handle error\n      }\n      // success\n}\n```\n\nYou can store additional information with your session as well.\n```go\nfunc login(w http.ResponseWriter, r *http.Request) {\n      userID := ...\n      err := manager.Init(w, r, userID, sessionup.MetaEntry(\"permission\", \"write\"), sessionup.MetaEntry(\"age\", \"111\"))\n      if err != nil {\n            // handle error\n      }\n      // success\n}\n```\n\n`Public` / `Auth` middlewares check whether the request has a cookie with a valid session ID and add the session to the request's \ncontext. 
`Public`, contrary to `Auth`, does not call the Manager's rejection function (also customizable), thus allowing the wrapped \nhandler to execute successfully.\n```go\nhttp.Handle(\"/\", manager.Public(publicHandler))\nhttp.Handle(\"/private\", manager.Auth(privateHandler))\n```\n\nThere's a `FetchAll` method, should you want to retrieve all sessions under the same key as the current context session:\n```go\nfunc retrieveAll(w http.ResponseWriter, r *http.Request) {\n      sessions, err := manager.FetchAll(r.Context())\n      if err != nil {\n            // handle error\n      }\n      // success\n}\n```\n\nWhen the time comes for session termination, use the `Revoke` method:\n```go\nfunc logout(w http.ResponseWriter, r *http.Request) {\n      if err := manager.Revoke(r.Context(), w); err != nil {\n            // handle error\n      }\n      // success\n}\n```\n\nWhat if you want to revoke all sessions under the same key as the current context session? Use `RevokeAll`:\n```go\nfunc revokeAll(w http.ResponseWriter, r *http.Request) {\n      if err := manager.RevokeAll(r.Context(), w); err != nil {\n            // handle error\n      }\n      // success\n}\n```\n\n... and if you want to revoke all sessions under the same key as the current context session **excluding** the\ncurrent context session, use `RevokeOther`:\n```go\nfunc revokeOther(w http.ResponseWriter, r *http.Request) {\n      if err := manager.RevokeOther(r.Context()); err != nil {\n            // handle error\n      }\n      // success\n}\n```\n\n## Sessions \u0026 Cookies\nOn each `Init` method call, a new random session ID will be generated. Since only the generated ID and no sensitive\ndata is being stored in the cookie, there is no need to encrypt anything. 
If you think that the generation functionality\nlacks randomness or has other issues, pass your custom ID generation function as an option when creating a new Manager.\n\n## Store implementations\n- ./memstore/ - in-memory store implementation, already included in this package.\n- [github.com/jellydator/sessionup-redisstore](https://github.com/jellydator/sessionup-redisstore) - Redis store implementation.\n- [github.com/jellydator/sessionup-pgstore](https://github.com/jellydator/sessionup-pgstore) - PostgreSQL store implementation.\n- [github.com/Hyzual/sessionup-sqlitestore](https://github.com/Hyzual/sessionup-sqlitestore) - SQLite store implementation.\n- [github.com/jellydator/sessionup-sqlitestore](https://github.com/jellydator/sessionup-sqlitestore) - SQLite store implementation.\n- [github.com/jellydator/sessionup-boltstore](https://github.com/jellydator/sessionup-boltstore) - Bolt store implementation.\n\nCustom stores need to implement the [Store](https://godoc.org/github.com/jellydator/sessionup#Store) interface to be used by the Manager.\n\n## Limitations\nsessionup offers server-only session storage and management, since revoking or retrieving sessions that are not in the \nincoming request is not possible with cookie stores.\n\n## Demo\nYou can see sessionup in action by trying out the demo in cmd/example/\n","funding_links":[],"categories":["Authentication and OAuth"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjellydator%2Fsessionup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjellydator%2Fsessionup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjellydator%2Fsessionup/lists"}