Choosing a session manager
There are a lot of security considerations when it comes to working with sessions, and proper implementation is not trivial. Unless you really need to roll your own implementation, it’s a good idea to use an existing, well-tested, third-party package here.
Until recently gorilla/sessions was a very popular option for this. Unfortunately it’s no longer maintained and is in archive mode on GitHub, meaning that any bugs in the package — including security bugs — will not be fixed.
So for most applications I now recommend using alexedwards/scs. It has a fairly simple API, supports automatic loading and saving of session data via middleware, and lets you store session data server-side in a variety of databases (including MySQL, PostgreSQL and Redis).
For this project we’ve already got a MySQL database set up, so we’ll opt to use alexedwards/scs and store the session data in MySQL.
If you’re following along, make sure that you’re in your project directory and install the necessary packages like so:
$ go get github.com/alexedwards/scs/v2@v2
go: downloading github.com/alexedwards/scs/v2 v2.5.0
go get: added github.com/alexedwards/scs/v2 v2.5.0
$ go get github.com/alexedwards/scs/mysqlstore
go: downloading github.com/alexedwards/scs/mysqlstore v0.0.0-20220528130143-d93ace5be94b
go get: added github.com/alexedwards/scs/mysqlstore v0.0.0-20220528130143-d93ace5be94b