CODEWITHSUNDEEP
gosessionsession-cookiessession-variablesgorilla
user7952151
user7952151

Reputation: 121

Why did you need to save something in gorilla session?

I'm a beginner with gorilla session ( and cookies in general ) and i've been experimenting with it. In the doc they have this code : 

session, err := store.Get(r, "session-name")
if err != nil {
    http.Error(w, err.Error(), http.StatusInternalServerError)
    return
}

// Set some session values.
session.Values["foo"] = "bar"
session.Values[42] = 43
// Save it before we write to the response/return from the handler.
err = session.Save(r, w)
if err != nil {
    http.Error(w, err.Error(), http.StatusInternalServerError)
    return
}

From my understanding of session you would need an user upon succesfull login to receive a session "token" and then store it into the Store. It seems that this line store.Get(r, "session-name") is doing just that, where in reality " session-name" would be the sucessfully authenticated user id. The goal here is to be able to retreive and compare the session token on futur request.( right ?)

What i'm not understanding is what are those value that are saved :

// Set some session values.
session.Values["foo"] = "bar"
session.Values[42] = 43

What are we using them for ? Is it to store extra data that would be retreived when the cookie is sent back to us ? Are stay stored in the back end ? or encoded and added to the cookie the same way a JWT would encode extra data in the payload ( like the role of the user etc.. )

It seem to me that only the first step is necessary but i'm not sure about the rest especially since store.Get() with no argument is supposed to generate a session as explained in the doc example " // Get a session. Get() always returns a session, even if empty." id so i could save it in my database/redis/in memory and not use the rest at all.

I feel like i'm missing something.

Upvotes: 0

Views: 383

Answers (1)

eudore
eudore

Reputation: 753

The store.Get method uses the request object to get the sessionid, then gets the session data from the store, and then creates the session object.

session.Values uses a map to save the session data. Reading and writing session.Values is to manipulate the session data. Finally, the session.Save method is called to save the data from the new serialization to the store.

Upvotes: 1

Related Questions