Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross Web Server Session #87

Closed
CasperHK opened this issue Jul 24, 2016 · 11 comments
Closed

Cross Web Server Session #87

CasperHK opened this issue Jul 24, 2016 · 11 comments
Assignees
@elithrar
Labels
question

Comments

@CasperHK
Copy link

It is possible to make a cross server session by using gorilla/sessions? Assume that I have multiple servers to serve one website. If the user login in one server, I expect he also login in other server.
@elithrar elithrar self-assigned this Jul 24, 2016
@elithrar
Copy link
Contributor

@CasperHK That's what you get by default with cookies: as long as servers are all part of the same domain (e.g. github.com, or *.github.com) then the cookie will be sent by the browser.

Alternatively, sessions also supports server-side stores - all servers would need to be able to connect to that store (be it Redis, or PostgreSQL, etc).

@CasperHK
Copy link
Author

CasperHK commented Jul 25, 2016
edited

gorilla/session seems great for my task. Actually, I want to use Go on my final year project in my university and now I have 12 ubuntu servers under the same domain. Some of them will be used as web servers and one will be used as a MySQL database server. Therefore, I want to implement a MySQL-based session service to allow session data synchronized in all web servers.
Previously, I tried to program the MySQL-based cross server session. If srinathgs/mysqlstore provide a easier way to do the same, it is great for me to study and simplify my work.

@elithrar
Copy link
Contributor

Use the default CookieStore, and if all servers have the same signing key,
and exist on the same domain, it will work as is.

On Sun, Jul 24, 2016 at 10:48 PM Casper LI notifications@github.com wrote:

gorilla/session seems great for my task. Actually, I want to use Go on my
final year project in my university and now I have 12 ubuntu servers under
the same domain. Some of them will be used as web servers and one will be
used as a MySQL database server. Therefore, I want to implement a
MySQL-based session service to allow session data synchronized in all web
servers.
Previously, I tried to program the MySQL-based cross server session. If "
github.com/gorilla/sessions" provide a easier way to do the same, it is
great for me to study and simplify my work.


You are receiving this because you were assigned.

Reply to this email directly, view it on GitHub
#87 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABIcNfC7H8DrZq5NX1Tu7W_Vd1LM5BIks5qZE43gaJpZM4JTizF
.

@CasperHK
Copy link
Author

CasperHK commented Jul 25, 2016
edited

Sorry, I want to ask what the default CookieStore and the signing key are? CookieStore means gorilla/sessions package?

@elithrar
Copy link
Contributor

Yes. Take a look at http://www.gorillatoolkit.org/pkg/sessions -

  • something-very-secret is the signing key
  • sessions.NewCookieStore returns a *CookieStore, which does not require a database/shared state between your servers.
import (
    "net/http"
    "github.com/gorilla/sessions"
)

var store = sessions.NewCookieStore([]byte("something-very-secret"))

func MyHandler(w http.ResponseWriter, r *http.Request) {
    // Get a session. We're ignoring the error resulted from decoding an
    // existing session: Get() always returns a session, even if empty.
    session, err := store.Get(r, "session-name")
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }

    // Set some session values.
    session.Values["foo"] = "bar"
    session.Values[42] = 43
    // Save it before we write to the response/return from the handler.
    session.Save(r, w)
}

@CasperHK
Copy link
Author

CasperHK commented Jul 25, 2016
edited

I have read the code. When I look at

var store = sessions.NewCookieStore([]byte("something-very-secret"))

I wonder whether the store variable is used in every handlers through out the project. If so, it seems that I need to wrap it in another package and make it exported. This is because I separated all different handlers in different packages according to which page they are serving, (e.g. index, projbrwsr, codeeditor) and those handler have to call to the same Store.
image

something-very-secret is said to be a secret key but I don't have any idea what I should pass to the function NewCookieStore().

@elithrar
Copy link
Contributor

Inject store (sessions.Store) as a dependency into your other packages.

On Mon, Jul 25, 2016 at 8:57 AM Casper LI notifications@github.com wrote:

I have read the code. When I look at

var store = sessions.NewCookieStore([]byte("something-very-secret"))

I wonder whether the store variable is used in every handlers through out
the project. If so, it seems that I need to wrap it in another package and
make it exported. This is because I separated all different handlers in
different packages according to which page they are serving, (e.g. index,
projbrwsr, codeeditor) and those handler have to call to the same Store.
[image: image]
https://cloud.githubusercontent.com/assets/6957401/17107410/a34dcc50-52c1-11e6-92f7-a4227da60244.png


You are receiving this because you were assigned.

Reply to this email directly, view it on GitHub
#87 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABIcOHzeq8IabUoj-SZx_B-7er-PJf9ks5qZNzsgaJpZM4JTizF
.

@elithrar
Copy link
Contributor

elithrar commented Jul 25, 2016
edited

something-very-secret is said to be a secret key but I don't have any idea what I should pass to the function NewCookieStore().

https://godoc.org/github.com/gorilla/sessions#NewCookieStore

Keys are defined in pairs to allow key rotation, but the common case is to set a single authentication key and optionally an encryption key.
The first key in a pair is used for authentication and the second for encryption. The encryption key can be set to nil or omitted in the last pair, but the authentication key is required in all pairs.

NewCookieStore takes an authentication/signing key and an (optional) encryption key.

@CasperHK
Copy link
Author

CasperHK commented Jul 27, 2016
edited

Sorry, Iam quite new to Go. Could you explain more about Inject store or give me a link for explanation? Thank you.

@elithrar
Copy link
Contributor

elithrar commented Jul 27, 2016
edited

@CasperHK Have your packages' constructors accept their dependencies - e.g.

  • NewProjectBrowser(store sessions.Store, debug bool) (*ProjectBrowser, error) { ... }
  • NewCodeEditor(store sessions.Store) (*CodeEditor, error) { ... }

In main.go

func main() {
    // Create a store, and then pass it (inject it) into your other packages via their constructors
    store  := sessions.NewCookieStore(key)
    ...
    ce, err := package.NewCodeEditor(store)
    ...
    pb, err := package.NewProjectBrowser(store)
    ...
}

@elithrar
Copy link
Contributor

Closing due to inactivity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elithrar elithrar

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elithrar @CasperHK