Popularity

4.3

Declining

Activity

0.0

Stable

Stars 124

Watchers 6

Forks 7

Last Commit almost 2 years ago

Programming language: Go

License: MIT License

Tags: Authentication & OAuth

Latest version: v1.4.0

sessionup alternatives and similar packages

Based on the "Authentication and OAuth" category.
Alternatively, view sessionup alternatives based on common mentions on social networks and blogs.

keto

8.9 8.6 sessionup VS keto

Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
scs

8.1 6.3 sessionup VS scs

HTTP Session Management for Go

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

Promo www.influxdata.com

oidc

7.5 9.0 sessionup VS oidc

Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation
paseto

7.0 0.0 sessionup VS paseto

Platform-Agnostic Security Tokens implementation in GO (Golang)
go-guardian

6.5 1.4 sessionup VS go-guardian

Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
jeff

5.4 0.0 sessionup VS jeff

🍍Jeff provides the simplest way to manage web sessions in Go.
branca

5.0 0.0 sessionup VS branca

:key: Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.
otpgen

4.5 0.0 sessionup VS otpgen

Library to generate TOTP/HOTP codes
sjwt

4.3 2.7 sessionup VS sjwt

Simple JWT Golang
securecookie

3.7 0.0 sessionup VS securecookie

Fast, secure and efficient secure cookie encoder/decoder
otpgo

3.6 0.0 sessionup VS otpgo

Time-Based One-Time Password (TOTP) and HMAC-Based One-Time Password (HOTP) library for Go.
go-email-normalizer

3.1 5.4 sessionup VS go-email-normalizer

Golang library for providing a canonical representation of email address.
scope

2.4 0.0 sessionup VS scope

Easily Manage OAuth2 Scopes In Go
cookiestxt

1.6 5.2 sessionup VS cookiestxt

cookiestxt implement parser of cookies txt format
sessiongate-go

1.4 0.0 sessionup VS sessiongate-go

A driver for the SessionGate Redis module - easy session management using the Go language.
signedvalue

1.1 0.0 sessionup VS signedvalue

Compatibility layer for tornado's signed values (and secure cookies consequently)
gosession

- - sessionup VS gosession

This is quick session for net/http in GoLang. This package is perhaps the best implementation of the session mechanism, at least it tries to become one.

Do you think we are missing an alternative of sessionup or a related project?

Add another 'Authentication and OAuth' Package

Popular Comparisons

README

sessionup 🚀

Simple, yet effective HTTP session management and identification package

Features

Effortless session management:
- Initialization.
- Request authentication.
- Retrieval of all sessions.
- Revokation of the current session.
- Revokation of all other sessions.
- Revokation of all sessions.
Optionally identifiable sessions (IP address, OS, browser).
Authentication via middleware.
Fully customizable, but with sane defaults.
Lightweight.
Straightforward API.
Allows custom session stores.

Installation

go get github.com/swithek/sessionup

Usage

The first thing you will need, in order to start creating and validating your sessions, is a Manager:

store := memstore.New(time.Minute * 5)
manager := sessionup.NewManager(store)

Out-of-the-box sessionup's Manager instance comes with recommended OWASP configuration options already set, but if you feel the need to customize the behaviour and the cookie values the Manager will use, you can easily provide your own options:

manager := sessionup.NewManager(store, sessionup.Secure(false), sessionup.ExpiresIn(time.Hour * 24))

During registration, login or whenever you want to create a fresh session, you have to call the Init method and provide a key by which the sessions will be grouped during revokation and retrieval. The key can be anything that defines the owner of the session well: ID, email, username, etc.

func login(w http.ResponseWriter, r *http.Request) {
      userID := ...
      if err := manager.Init(w, r, userID); err != nil {
            // handle error
      }
      // success
}

You can store additional information with your session as well.

func login(w http.ResponseWriter, r *http.Request) {
      userID := ...
      err := manager.Init(w, r, userID, sessionup.MetaEntry("permission", "write"), sessionup.MetaEntry("age", "111"))
      if err != nil {
            // handle error
      }
      // success
}

Public / Auth middlewares check whether the request has a cookie with a valid session ID and add the session to the request's context. Public, contrary to Auth, does not call the Manager's rejection function (also customizable), thus allowing the wrapped handler to execute successfully.

http.Handle("/", manager.Public(publicHandler))
http.Handle("/private", manager.Auth(privateHandler))

There's a FetchAll method, should you want to retrieve all sessions under the same key as the current context session:

func retrieveAll(w http.ResponseWriter, r *http.Request) {
      sessions, err := manager.FetchAll(r.Context())
      if err != nil {
            // handle error
      }
      // success
}

When the time comes for session termination, use Revoke method:

func logout(w http.ResponseWriter, r *http.Request) {   
      if err := manager.Revoke(r.Context(), w); err != nil {
            // handle error
      }
      // success
}

What if you want to revoke all sessions under the same key as the current context session? Use RevokeAll:

func revokeAll(w http.ResponseWriter, r *http.Request) {
      if err := manager.RevokeAll(r.Context(), w); err != nil {
            // handle error
      }
      // success
}

... and if you want to revoke all sessions under the same key as the current context session excluding the current context session, use RevokeOther:

func revokeOther(w http.ResponseWriter, r *http.Request) {
      if err := manager.RevokeOther(r.Context()); err != nil {
            // handle error
      }
      // success
}

Sessions & Cookies

On each Init method call, a new random session ID will be generated. Since only the generated ID and no sensitive data is being stored in the cookie, there is no need to encrypt anything. If you think that the generation functionality lacks randomness or has other issues, pass your custom ID generation function as an option when creating a new Manager.

Store implementations

./memstore/ - in-memory store implementation, already included in this package.
github.com/swithek/sessionup-redisstore - Redis store implementation.
github.com/swithek/sessionup-pgstore - PostgreSQL store implementation.
github.com/Hyzual/sessionup-sqlitestore - SQLite store implementation.
github.com/davseby/sessionup-sqlitestore - SQLite store implementation.
github.com/davseby/sessionup-boltstore - Bolt store implementation.

Custom stores need to implement the Store interface to be used by the Manager.

Limitations

sessionup offers server-only session storing and management, since the functionality to revoke/retrieve session not in the incoming request is not possible with cookie stores.

Demo

You can see sessionup in action by trying out the demo in cmd/example/

sessionup

Straightforward HTTP session management