Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/rivo/sessions
This Go package attempts to free you from the hard work of implementing safe cookie-based web sessions.
Sessions implements a number of OWASP recommendations:
Additional features:
If you want to go one step further and have user signup, login, logout, password reset, email/password change implemented for you, check out github.com/rivo/users.
go get github.com/rivo/sessions
func MyHandler(response http.ResponseWriter, request *http.Request) {
session, err := sessions.Start(response, request, false)
if err != nil {
panic(err)
}
if session != nil {
fmt.Println("We have a session")
} else {
fmt.Println("We have no session")
}
}
(Providing true
will always return a session.)
With the session object, you can call:
RegenerateID
to switch the session ID,Set
, Get
, GetAndDelete
, and Delete
to (un-)assign values to keys,LogIn
and LogOut
to attach/detach users,GobEncode
, GobDecode
, MarshalJSON
, and UnmarshalJSON
to (un-)serialize sessions,Destroy
to end a session.SessionCookie
: Name of the session cookie.NewSessionCookie
: Function for new cookies (used to set cookie parameters).SessionExpiry
: Time to expiry for inactive sessions.SessionIDExpiry
: Maximum session ID lifetime before automatic regeneration.SessionIDGracePeriod
: Extended lifetime for regenerated session IDs.AcceptRemoteIP
: Accepted level of change for IP addresses.AcceptChangingUserAgent
: Whether or not user agent changes are accepted.MaxSessionCacheSize
: Size of local (write-through) session cache.SessionCacheExpiry
: Maximum session lifetime in local cache.Then there is Persistence
used to connect to the session store of your choice (defaults to RAM).
See http://godoc.org/github.com/rivo/sessions for the documentation.
See also the Wiki for more examples and explanations.
Add your issue here on GitHub. Feel free to get in touch if you have any questions.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.