abraithwaite / jeff

🍍Jeff provides the simplest way to manage web sessions in Go.

License: BSD 3-Clause "New" or "Revised" License

Go 96.80% Makefile 2.74% Dockerfile 0.45%
golang sessions http session-management web-framework go web-sessions cookie csrf-protection middleware

jeff's Issues

Comparison to github.com/alexedwards/scs

A quick look at both libraries seems to show an important difference: github.com/alexedwards/scs buffers all response bytes. A bufferedResponseWriter{} buffering all output to catch session changes before headers are sent (

Jeff seems to handle this better (but not easier) by making you call Set manually when headers should be set without wrapping your http.Handler.

Don't use alexedwards/scs if you send large payloads to clients, stream response bodies, use websockets(?), etc.
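The trade-off raised in this issue, as an added example that is not code from jeff or scs: with net/http, a Set-Cookie header added after the first body write is never sent, so a library either has the caller set the session first or buffers the body. The handler names and the `buffered` wrapper are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// early sets the session cookie before any body bytes are written.
func early(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{Name: "session", Value: "constructed-token"})
	fmt.Fprint(w, "welcome")
}

// late writes the body first; that Write commits the headers, so the cookie is lost.
func late(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "welcome")
	http.SetCookie(w, &http.Cookie{Name: "session", Value: "constructed-token"})
}

// buffered is a constructed sketch of response buffering, not scs's implementation.
type buffered struct {
	http.ResponseWriter
	buf bytes.Buffer
}

func (b *buffered) Write(p []byte) (int, error) { return b.buf.Write(p) }

// withBuffer holds the whole body in memory until the handler returns.
func withBuffer(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		bw := &buffered{ResponseWriter: w}
		h(bw, r)
		w.Write(bw.buf.Bytes()) // headers are committed only here
	}
}

// cookiesSent runs a handler and counts the cookies a client would receive.
func cookiesSent(h http.HandlerFunc) int {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/login", nil))
	return len(rec.Result().Cookies())
}

func main() {
	fmt.Println(cookiesSent(early), cookiesSent(late), cookiesSent(withBuffer(late)))
}
```

Buffering makes the late cookie survive, at the cost of keeping every response byte in memory, which is the concern the issue raises for large or streamed bodies.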

Evaluate using gokv as storage interface

Hi, I saw your project in my GitHub feed because someone I follow starred it and when seeing the Storage interface I immediately thought that it would be a great fit for a project of mine: https://github.com/philippgille/gokv

I'll paste the code here so you don't have to follow the links:

jeff.Storage:

type Storage interface {
	Store(ctx context.Context, key, value []byte, exp time.Time)
	Fetch(ctx context.Context, key []byte) (value []byte, err error)
	Delete(ctx context.Context, key []byte) error
}

gokv.Store:

type Store interface {
    Set(k string, v interface{}) error
    Get(k string, v interface{}) (found bool, err error)
    Delete(k string) error
    Close() error
}

Downsides:

  • gokv doesn't work with contexts yet
  • There's no expiration handling in the implementations, but you can save the whole item (that includes the expiration) and similarly to your memory implementation (here), just not return it when it's expired.

Upsides:

  • The main upside is the number of implementations for the interface. There's a simple Go map, sync.Map, FreeCache, BigCache, bbolt (a.k.a. BoltDB), BadgerDB, LevelDB, Local files, Redis, Consul, etcd, Apache ZooKeeper, Memcached, Hazelcast, Amazon DynamoDB, Amazon S3, Azure Table Storage, Google Cloud Datastore, Alibaba Cloud Tablestore, MySQL, PostgreSQL, MongoDB, CockroachDB and Apache Ignite. And more to come :)
  • All implementations allow saving any struct instead of just a slice of bytes. That's useful for example to include the expiration when storing a session and allows extending the stored struct with more fields in the future.

This is exactly the use case that I had in mind when creating it: As a package creator you want your package users to be able to use as many storage implementations as possible, so you only use a common key-value interface and then point package users to existing implementations.

Maybe you can have a look at it and then I'd love to hear what you think :)

Multiple sessions per key

Currently, each session requires a unique key. Would be nicer if we stored a list of sessions for each key.

Session Metadata

Provide ability to store generic session metadata with session (binary blob).

No way to delete a single session for a given user

Currently, user's sessions are stored as a list of active sessions under a single key in redis, each with their own unique token.

When we moved to this model, we didn't update the Clear and Delete methods to be able to clear just an individual session. As it stands, calling either of these methods will terminate all active sessions instead of just one, as it was originally intended.

Can I replace authboss with yours?

Excuse the question, which may be very basic for you, but I'm learning day by day and I want to understand well.

I am using authboss for a hobby project.

But I do not need most of its features: I would just like to authenticate a user (email and password) if he has to use specific APIs.

Do you think I can replace authboss with your project?

Add control of SameSite prefix

For our application, we need our session cookies to have SameSite=None. SameSite=lax is hardcoded in the cookie setup, here:

w.Header().Set("Set-Cookie", w.Header().Get("Set-Cookie")+"; SameSite=lax")

Can SameSite's setting become an Option on jeff.New()?

sessions: load all sessions for user

Hi @abraithwaite!
First of all, I want to say thanks a lot for this package, I found out that popular packages were lacking for my use-case where I want to search sessions by user-id.

However, after taking a look around, I couldn't find an exported function to get all active sessions for a user.
This is helpful, for example, if the user is logged in from many devices and we want to revoke them all at once.

Thoughts?
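The behaviour asked for in "No way to delete a single session for a given user" and in this issue, as an added example that is not jeff's code: `Session` and `Store` are hypothetical in-memory stand-ins for the per-user list in Redis. It lists a user's active sessions, revokes one by token, or revokes all of them.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"time"
)

// Session is hypothetical: the issues only say each session has a unique token.
type Session struct {
	Token []byte
	Exp   time.Time
}

// Store is a constructed in-memory stand-in for the per-user list kept in Redis.
type Store map[string][]Session

// Active returns the user's unexpired sessions and prunes the expired ones.
func (s Store) Active(key string, now time.Time) []Session {
	var live []Session
	for _, sess := range s[key] {
		if now.Before(sess.Exp) {
			live = append(live, sess)
		}
	}
	s[key] = live
	return live
}

// Delete revokes only the session holding token; the user's others stay valid.
func (s Store) Delete(key string, token []byte) bool {
	var kept []Session
	for _, sess := range s[key] {
		if subtle.ConstantTimeCompare(sess.Token, token) != 1 {
			kept = append(kept, sess)
		}
	}
	removed := len(kept) != len(s[key])
	s[key] = kept
	return removed
}

// Clear revokes every session for the user (log out on all devices).
func (s Store) Clear(key string) { delete(s, key) }

func main() {
	exp := time.Now().Add(time.Hour)
	s := Store{"user-1": {{[]byte("laptop-token"), exp}, {[]byte("phone-token"), exp}}}
	fmt.Println(s.Delete("user-1", []byte("phone-token")), len(s.Active("user-1", time.Now())))
}
```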
