[question] is securecookie required to use this package

Question

[question] is securecookie required to use this package

EricDatis opened this issue 4 years ago · 4 comments

EricDatis commented 4 years ago

I get this error when using this package

securecookie: hash key is not set

Do this package require me to use securecookie or something is missing here

Go version: go version go1.14.5 darwin/amd64

package version: 947297c

I follow simple use case from example (Saving a value to a session)

var store = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))

func createToken(userid int, w http.ResponseWriter, r *http.Request) error {
        // Generate access token
        session, err := store.Get(r, "auth")
	if err != nil {
		return err
	}
	session.Values[userid] = accToken
	err = session.Save(r, w)
	if err != nil {
		return err
	}
}

Answer 1 · 2020-08-19T13:17:45.000Z

The sessions package uses securecookie underneath. You don't need to import it yourself.

I suspect the value of os.Getenv("SESSION_KEY") is empty though. You should whether it is valid at program startup.

Answer 2 · 2020-08-20T16:07:22.000Z

thank for reply! Is there any format that I have to follow for the session key?

Answer 3 · 2020-08-20T16:33:18.000Z

Per https://godoc.org/github.com/gorilla/sessions#NewCookieStore

It is recommended to use an authentication key with 32 or 64 bytes.

Hope that helps!

Answer 4 · 2020-10-21T03:32:06.000Z

This issue has been automatically marked as stale because it hasn't seen a recent update. It'll be automatically closed in a few days.