Sessions with Go-Restful

xuanbao · · 584 次点击    
这是一个分享于 的资源,其中的信息可能已经有所发展或是发生改变。
<p>Hi,</p> <p>I&#39;m using GoRestful package to create REST APIs and using the LDAP package to authenticate users. When a user is authenticated, I want to start a session for the user and have the session expire after 1 day.</p> <p>I&#39;ve got authentication working as well as my REST APIs but I have no idea where and how to start with sessions, any advice on this?</p> <p>I tried using the &#34;gorilla/sessions&#34; package but was running into an issues with getting/setting the session value (invalid params).</p> <p>Thanks</p> <hr/>**评论:**<br/><br/>skarlso: <pre><p>Actually, sessions are a bad practice when facing a REST API. </p> <p>REST is / should be stateless. Meaning, every request should be able to identify themselves after an authentication happened. </p> <p>Either via access_tokens in the header, or via <a href="http://tools.ietf.org/html/rfc6750">Bearer - Tokens</a>, SSL and <a href="http://oauth.net/2/">OAuth 2</a>.</p> <p>Having a session really defeats the purpose of having a REST implemented. </p> <p>$0.02.</p></pre>PleaseDismantle: <pre><p><a href="https://github.com/Throckmortra/soysos" rel="nofollow">https://github.com/Throckmortra/soysos</a></p> <p>this is still very rough, but you may find some helpful stuff there. Userresource is the route resource for auth and getting a token. You can find my SQLite db stuff for managing tokens in database.go. Sessions.go is a misnomer, it only contains the UUID generators I&#39;ve been playing with for creating the session tokens. </p> <p>My idea was to establish sessions with tokens and then expire the tokens by checking the database hourly and getting rid of any tokens that are older than 12 hours. </p> <p>You could take this a different direction and throw a goroutine for each session. That seemed like overkill though.</p></pre>

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

584 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传