Allow context to use something other than an in-memory map

Question

Allow context to use something other than an in-memory map

jkodumal opened this issue 10 years ago · 1 comments

I may be missing something, but it appears (in context.go) that the csrf context is designed to use an in-memory map, with no other options to use something like memcache or redis.

I think this would prevent nosurf from being used in an environment where multiple apps are run behind a load balancer, unless something like sticky sessions are employed.

It would be nice if the in-memory map was abstracted out to an interface, so that anyone could plug in alternative stores. Gorilla sessions does this, and it seems to work pretty well.

Answer 1 · 2014-11-06T22:52:28.000Z

Actually, I understand what's going on now-- didn't really grok the way masking worked at first.