例子:仅允许通过身份验证的用户在一定有效期内访问 /secret 查看我们的秘密消息。要获得访问权限,用户必须先访问 /login 以获取有效的会话 Cookie,服务端随后把该会话标记为已登录状态。注意:示例中的 /login 不校验任何凭据,仅用于演示会话机制。另外,用户可以访问 /logout(下面的代码中注册的路径是 /loginout)来撤销对秘密消息的访问权限
package main
import (
"fmt"
"github.com/kataras/iris"
"github.com/kataras/iris/sessions"
)
// cookieNameForSessionID is the name of the cookie that carries the session ID.
var cookieNameForSessionID = "mycookesinahduixu"

// sess is the session manager shared by every handler in this file.
// Only the cookie name is configured here; all other sessions.Config fields
// keep the library defaults.
// NOTE(review): no expiry or cookie attributes are set — confirm the defaults
// match the intended session lifetime before reusing this outside a demo.
var sess = sessions.New(sessions.Config{Cookie: cookieNameForSessionID})
// secret serves the protected message to callers whose session carries a
// true "authennticated" flag and answers 403 Forbidden to everyone else.
func secret(ctx iris.Context) {
	authed, err := sess.Start(ctx).GetBoolean("authennticated")
	if authed {
		ctx.WriteString("the cake is a lie!")
		return
	}

	// Access is decided by the flag alone; err is only printed to stdout
	// together with the flag value, it does not influence the outcome.
	fmt.Println(authed, err)
	ctx.StatusCode(iris.StatusForbidden)
}
// login marks the caller's session as authenticated and replies "logging".
//
// It verifies no credentials: every request that reaches this handler gets an
// authenticated session. A real login handler must check the user's identity
// before setting the flag.
func login(c iris.Context) {
	// Same key that secret reads when deciding whether to grant access.
	sess.Start(c).Set("authennticated", true)
	c.WriteString("logging")
}
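// loginout revokes the caller's access to /secret by clearing the
// authentication flag stored in the session.
func loginout(c iris.Context) {
	session := sess.Start(c)
	// Revoke the user's authentication. The key must be spelled exactly as in
	// login and secret ("authennticated"): writing false to a differently
	// spelled key leaves the flag that secret checks set to true, so the
	// session would remain authorized after logout.
	session.Set("authennticated", false)
}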
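// main registers the three demo routes and serves them on port 8080.
func main() {
	app := iris.New()
	app.Get("/secret", secret)
	app.Get("/login", login)
	app.Get("/loginout", loginout)

	// NOTE(review): ":8080" has no host part and no TLS is configured here,
	// so the session cookie presumably travels over plain HTTP — confirm
	// this is limited to local testing.
	// Report a failed start (e.g. port already in use) instead of exiting
	// silently with the error discarded.
	if err := app.Run(iris.Addr(":8080")); err != nil {
		fmt.Println(err)
	}
}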
运行:
$ go run sessions.go
$ curl -s http://localhost:8080/secret
Forbidden
$ curl -s -I http://localhost:8080/login
Set-Cookie: mycookesinahduixu=MTQ4NzE5Mz...
$ curl -s --cookie "mycookesinahduixu=MTQ4NzE5Mz..." http://localhost:8080/secret
the cake is a lie!