1
00:00:01,000 --> 00:00:05,590
So it's time to move on to Sessions, and before we jump into actually writing some code, we should

2
00:00:05,590 --> 00:00:07,030
talk about what sessions are.

3
00:00:07,030 --> 00:00:09,770
You may know, but I'll give a brief overview in any case.

4
00:00:10,390 --> 00:00:18,070
So when I'm on a web browser, if I go to a site, www, I don't know, cnn.com, doesn't matter.

5
00:00:19,210 --> 00:00:25,090
I hit this Web page, and what I've done is I've sent a request to some server out on the Internet somewhere

6
00:00:25,090 --> 00:00:29,170
saying, hey, I would like to get the homepage for cnn.com.

7
00:00:29,830 --> 00:00:32,470
And at the moment I'm making that request.

8
00:00:32,470 --> 00:00:34,480
The Web server knows certain things about me.

9
00:00:34,570 --> 00:00:36,160
It knows my IP address.

10
00:00:36,520 --> 00:00:38,560
I've sent in my preferred language.

11
00:00:38,560 --> 00:00:41,440
Probably I've sent in all kinds of things, all part of the request.

12
00:00:42,040 --> 00:00:48,130
So the web server takes the request, assembles the response and sends back a fully formatted

13
00:00:48,130 --> 00:00:53,290
Web page consisting of text and images, maybe links to videos, whatever it may be.

14
00:00:53,890 --> 00:00:58,180
And the instant it finishes sending me that information, it forgets about me.

15
00:00:58,330 --> 00:00:59,890
It doesn't know anything else about me.

16
00:00:59,890 --> 00:01:01,600
I'm gone as far as it's concerned.

17
00:01:01,600 --> 00:01:04,990
If I click on a link here, if I click on whatever this is about.

18
00:01:04,990 --> 00:01:11,620
Jeffrey Epstein, as far as the Web server is concerned, I'm an entirely new person and it knows nothing

19
00:01:11,620 --> 00:01:13,030
about my previous request.

20
00:01:13,870 --> 00:01:15,760
So that's not a problem.

21
00:01:15,880 --> 00:01:21,610
If you're surfing web pages and the site doesn't need to know anything

22
00:01:21,610 --> 00:01:25,630
about you, it is a problem for things like user authentication.

23
00:01:26,110 --> 00:01:30,820
How does the web server, which is stateless and doesn't know anything about me between visits,

24
00:01:31,570 --> 00:01:33,400
how does it know whether I'm logged in or not?

25
00:01:33,850 --> 00:01:38,100
How does it know anything that needs to persist between page requests?

26
00:01:38,410 --> 00:01:45,010
Well, this is where sessions come in and the sessions are something that we need to set up in our application.

27
00:01:45,160 --> 00:01:47,620
Now, there's a number of ways of implementing this.

28
00:01:48,010 --> 00:01:52,810
The easiest way is to choose a session package that you think suits your needs.

29
00:01:52,810 --> 00:01:54,100
And there are many to choose from.

30
00:01:54,880 --> 00:01:58,120
Gorilla, a package called Gorilla Sessions.

31
00:01:58,120 --> 00:01:59,380
There are many to choose from.

32
00:01:59,380 --> 00:02:01,750
I'm going to use a particular one that I like very much.

33
00:02:02,230 --> 00:02:10,740
So the one that I'm going to use is right here at github.com/alexedwards/scs.

34
00:02:11,320 --> 00:02:14,200
So I'm going to install that package before I do anything else.

35
00:02:14,830 --> 00:02:21,550
So I scroll down, I find the installation string, copy it, go back to my IDE.

36
00:02:21,940 --> 00:02:27,490
If I have my application running, I stop it and then I say go get, or I just paste the whole thing in

37
00:02:27,490 --> 00:02:30,850
there, go get github.com and so forth.

38
00:02:31,090 --> 00:02:31,930
Hit return.

39
00:02:32,260 --> 00:02:33,460
It should install it.

40
00:02:33,460 --> 00:02:35,890
I can verify that by looking at go.mod.

41
00:02:36,040 --> 00:02:39,580
There it is, it's all installed and now I can start to use it.

42
00:02:40,270 --> 00:02:44,620
Now when you're using a session, regardless as to what package you're using, you almost certainly

43
00:02:44,620 --> 00:02:47,770
have to initialize it in some way, shape or form.

44
00:02:48,460 --> 00:02:51,850
And the way that we do that is right here in our main file.

45
00:02:52,030 --> 00:02:58,720
So I can maybe just after I declare my app config and before I go get my template cache, doesn't matter

46
00:02:58,720 --> 00:03:04,570
where I put it, but I'm going to put it here and I'm going to simply say create a variable called Session

47
00:03:05,290 --> 00:03:06,640
Now session.

48
00:03:06,670 --> 00:03:08,950
I'm going to assign it right now, but I'm going to change that in a minute.

49
00:03:09,670 --> 00:03:11,500
Session is from the package.

50
00:03:11,500 --> 00:03:17,620
We've just installed, SCS, and he gives his examples here where everything we use to call that is

51
00:03:17,620 --> 00:03:19,360
actually calling scs.

52
00:03:19,360 --> 00:03:21,220
So,

53
00:03:21,220 --> 00:03:26,860
scs.New, and it imported it. Good.

54
00:03:26,860 --> 00:03:29,440
And then I need to say I don't need to, but I'm going to.

55
00:03:29,650 --> 00:03:32,530
How long do I want my sessions to live, for example.

56
00:03:32,530 --> 00:03:38,530
So if I look at that variable session I just created, it has a bunch of functions that I can use and

57
00:03:38,530 --> 00:03:41,980
one of the ones that I want to use is actually called Lifetime.

58
00:03:41,980 --> 00:03:43,780
So session.Lifetime.

59
00:03:44,380 --> 00:03:46,690
And that's going to be equal to a particular value.

60
00:03:46,960 --> 00:03:53,800
And I want it to last for twenty-four hours, so I can just say 24 times time, which is

61
00:03:53,800 --> 00:03:56,530
a built-in Go package, dot Hour.

62
00:03:57,820 --> 00:04:02,440
And now the sessions that are created will last for twenty four hours which is long enough.

63
00:04:02,440 --> 00:04:07,210
You might want to go for thirty minutes if it's highly secure and you want people logged out as soon

64
00:04:07,210 --> 00:04:07,720
as possible.

65
00:04:07,720 --> 00:04:11,170
But twenty four hours is suitable for our purpose so I'll leave it there right now.

66
00:04:12,100 --> 00:04:15,070
Also I'm using the default session package.

67
00:04:15,070 --> 00:04:20,230
If I go back up here and look, you can see that it actually has a bunch of different stores.

68
00:04:20,500 --> 00:04:24,970
So by default it uses cookies, it just uses cookies to store our sessions.

69
00:04:24,970 --> 00:04:26,380
And that's all we're going to do right now.

70
00:04:26,890 --> 00:04:31,090
We may look at storing them in Redis or something else later on, but there are many different stores

71
00:04:31,090 --> 00:04:31,630
that he has.

72
00:04:32,110 --> 00:04:36,970
Badger is a built-in database that you can put right into your Go application and it will store all

73
00:04:36,970 --> 00:04:37,810
the sessions there.

74
00:04:38,140 --> 00:04:39,790
Bolt is a similar thing.

75
00:04:39,790 --> 00:04:41,470
Bolt and Badger serve the same purpose.

76
00:04:41,470 --> 00:04:43,000
In fact, one is based on the other.

77
00:04:43,690 --> 00:04:48,730
You can store them in the memory store, you can store them in a MySQL database, a Postgres database, a Redis

78
00:04:48,730 --> 00:04:52,210
key-value store, or a SQLite3 database.

79
00:04:52,630 --> 00:04:54,460
So we could do all of that.

80
00:04:54,460 --> 00:04:55,540
But we're not going to right now.

81
00:04:56,020 --> 00:04:57,280
We're just going to go with the defaults.

82
00:04:57,940 --> 00:04:59,410
So since we're storing in cookies,

83
00:04:59,890 --> 00:05:05,230
And since all sessions use cookies in one form or another, we need to actually set some parameters

84
00:05:05,230 --> 00:05:12,760
for that cookie. session.Cookie, which is built into the package, we want to say Persist: should the

85
00:05:12,760 --> 00:05:16,930
cookies persist after the browser window is closed by the end user.

86
00:05:16,960 --> 00:05:20,290
I'm going to say true. If you want the sessions to disappear

87
00:05:20,290 --> 00:05:25,540
the moment that someone closes the browser window or quits the browser, you set that to false and then

88
00:05:25,540 --> 00:05:32,950
the session will not persist the next time they open a window or fire up their web browser. session.Cookie

89
00:05:35,140 --> 00:05:41,290
.SameSite, and this is a parameter that's set in the cookie that tells it, you know, how strict

90
00:05:41,290 --> 00:05:43,600
you want to be about what site this cookie applies to.

91
00:05:43,690 --> 00:05:47,850
And we're going to go with a default that's built into Go called http.SameSiteLaxMode.

92
00:05:48,130 --> 00:05:49,330
And there are other options there.

93
00:05:49,330 --> 00:05:51,300
But this is sufficient for our purposes right now.

94
00:05:51,790 --> 00:05:55,630
And finally, session.Cookie.Secure.

95
00:05:55,660 --> 00:06:02,260
Well, this will insist that the cookies be encrypted and that the connection is from HTTPS instead

96
00:06:02,260 --> 00:06:03,330
of HTTP.

97
00:06:03,700 --> 00:06:05,740
I'm going to set that to false. In production,

98
00:06:05,750 --> 00:06:11,140
you want that to be true, and I'm going to set it to false because we're hitting localhost:8080 and

99
00:06:11,140 --> 00:06:12,640
that is not an encrypted connection.

100
00:06:12,820 --> 00:06:14,260
So we'll set it to false right now.

101
00:06:14,770 --> 00:06:18,130
It seems to me that's the second time we've had to do this sort of thing.

102
00:06:18,310 --> 00:06:20,530
session.Cookie.Secure equals false.

103
00:06:20,920 --> 00:06:26,200
Back in middleware, if you recall, we did the same thing here for the cookie that's set for NoSurf.

104
00:06:26,530 --> 00:06:28,570
We had to set that to false as well.

105
00:06:29,190 --> 00:06:31,030
Well, that seems really awkward.

106
00:06:31,030 --> 00:06:35,860
Now, I have two things to remember when I have to go into production. I have to make changes in

107
00:06:35,860 --> 00:06:36,610
two places.

108
00:06:37,120 --> 00:06:39,760
That seems to me to be really not a great idea.

109
00:06:39,880 --> 00:06:45,250
So let's go back to our main function and think about how before we go any further we might be able

110
00:06:45,250 --> 00:06:48,420
to set this variable everywhere it needs to be set.

111
00:06:48,570 --> 00:06:51,400
Basically, the question I'm asking is a really simple one.

112
00:06:51,790 --> 00:06:57,200
Am I running as a production server or am I running as a development server?

113
00:06:57,820 --> 00:07:03,640
Well, it seems to me that one of the places we could actually change this might be by storing a value

114
00:07:03,640 --> 00:07:11,800
in the config, and the config value might be something as simple as InProduction, and make that a bool.

115
00:07:12,460 --> 00:07:17,290
Now, remember, we said the great thing about our app config being set up the way that it is, is that

116
00:07:17,290 --> 00:07:22,660
I can store a value in here and it's immediately available to every part of the application that uses

117
00:07:22,660 --> 00:07:23,490
app config.

118
00:07:24,280 --> 00:07:26,470
So I've now got a place to store that value.

119
00:07:26,470 --> 00:07:27,340
Let's go set it.

120
00:07:28,480 --> 00:07:35,920
And I might just say right here, change this to true when in production, and there's even a better way

121
00:07:35,920 --> 00:07:36,370
to do this.

122
00:07:36,370 --> 00:07:37,480
But we'll get to that later on.

123
00:07:37,930 --> 00:07:43,120
All I'm going to do is say app.InProduction equals false.

124
00:07:44,720 --> 00:07:49,170
There now I can use this value anywhere that I need to.

125
00:07:49,640 --> 00:07:55,760
So, for example, I can use it right here where it says and secure.

126
00:07:57,050 --> 00:07:57,960
I can use it there.

127
00:07:58,100 --> 00:07:59,550
Can I use it in my middleware?

128
00:07:59,600 --> 00:08:00,910
Well, I want to put it right here.

129
00:08:00,920 --> 00:08:02,500
Let's try again and see what happens.

130
00:08:02,510 --> 00:08:04,220
No, I can't use that right there.

131
00:08:04,260 --> 00:08:04,630
Why?

132
00:08:05,090 --> 00:08:13,040
Because this is a function that has no access to that config, because back in main.go my app config,

133
00:08:13,280 --> 00:08:14,570
I declared here.

134
00:08:15,200 --> 00:08:17,980
So it's limited to the scope of this main variable.

135
00:08:18,230 --> 00:08:22,640
Now, since middleware is in the same package as main, it's in the main package.

136
00:08:22,890 --> 00:08:30,020
All I really need to do is to cut this out of here and put it outside of the main function and now it's

137
00:08:30,020 --> 00:08:32,300
available to middleware so I can store in there.

138
00:08:32,570 --> 00:08:35,150
So I actually have Secure: app.InProduction.

139
00:08:35,150 --> 00:08:41,120
SameSite can be left as is, but I have my Secure set here and I have my Secure set here and I don't

140
00:08:41,120 --> 00:08:46,910
need to worry about doing anything other than changing this false to a true before I compile the application

141
00:08:46,910 --> 00:08:47,630
for production.

142
00:08:47,810 --> 00:08:48,200
All right.

143
00:08:48,780 --> 00:08:55,610
So I set up this session and one of the things that I said a moment ago was I probably I might at some

144
00:08:55,610 --> 00:09:01,520
point need to use this session variable in my middleware, for example, which doesn't know anything

145
00:09:01,520 --> 00:09:03,560
about it and has no access to the app variable.

146
00:09:04,010 --> 00:09:07,010
So how can I actually make that work a little bit better?

147
00:09:07,040 --> 00:09:08,320
Well, it's not too difficult.

148
00:09:08,630 --> 00:09:10,580
What I'm going to do is come up here and declare a variable.

149
00:09:11,000 --> 00:09:16,950
var session is going to be a pointer to scs.SessionManager.

150
00:09:18,840 --> 00:09:21,060
OK, and that says it's not being used anywhere.

151
00:09:21,080 --> 00:09:26,870
Well, it's not, because this variable, even though it has the same name as this variable, these

152
00:09:26,870 --> 00:09:28,540
are two different things entirely.

153
00:09:29,540 --> 00:09:35,420
And what this is actually called is variable shadowing and it's a really difficult problem to fix,

154
00:09:35,420 --> 00:09:39,130
to find so you can fix it when it happens to your code.

155
00:09:39,140 --> 00:09:40,940
So you need to be conscious of this.

156
00:09:41,330 --> 00:09:45,510
This variable and this variable are not the same. To make them the same,

157
00:09:45,560 --> 00:09:52,070
all I have to do is that. Now I'm referring to a variable that exists outside of the scope and is available

158
00:09:52,070 --> 00:09:53,650
to the entire main package.

159
00:09:53,960 --> 00:09:59,120
So I've created that variable session and I've set its necessary parameters.

160
00:09:59,840 --> 00:10:01,280
Where am I going to use this session?

161
00:10:01,280 --> 00:10:06,170
Where is the most likely place that I'm ever going to have to get information from the session?

162
00:10:06,530 --> 00:10:10,030
Well, the most likely place is almost certainly handlers.

163
00:10:10,190 --> 00:10:12,590
Here is where I need to get access to that session.

164
00:10:12,950 --> 00:10:19,700
But because handlers is its own package right here, this is package handlers, and that session variable

165
00:10:19,700 --> 00:10:21,830
session exists in the main package.

166
00:10:22,460 --> 00:10:23,810
Never the two shall meet.

167
00:10:23,930 --> 00:10:28,370
I need to get that session over to handlers and to anywhere else.

168
00:10:28,370 --> 00:10:30,180
I might possibly have to use it.

169
00:10:30,710 --> 00:10:33,380
So, again, where is the best place to put this?

170
00:10:33,380 --> 00:10:35,050
Let's put it in config.go.

171
00:10:35,070 --> 00:10:41,180
Now, remember when I declared this variable, it's of type scs.SessionManager, so let's go back to

172
00:10:41,180 --> 00:10:45,110
our config and create another field, another member to this.

173
00:10:45,560 --> 00:10:48,590
And it's going to be called Session and it has to have a capital letter.

174
00:10:48,590 --> 00:10:55,640
So it's visible, and it is of type *scs.SessionManager, a pointer to an scs.SessionManager.

175
00:10:55,730 --> 00:11:00,490
OK, so now we have a place to store our session. Back in main.go,

176
00:11:00,500 --> 00:11:06,770
now, once I have declared this session, all I have to do is say app.Session equals session.

177
00:11:07,700 --> 00:11:12,080
And now if I need to, in my middleware, have access to that session, I can do it.

178
00:11:12,200 --> 00:11:20,720
So my middleware, in my handlers, let's say I go down to one of my handlers here and say app.Session,

179
00:11:20,900 --> 00:11:24,260
sorry, m.App.Session.

180
00:11:24,260 --> 00:11:28,580
You see, I have access to it and I can do all the things that I need to do from it so I can get a value

181
00:11:28,580 --> 00:11:31,270
from the session or I can put a value into the session.

182
00:11:31,370 --> 00:11:32,930
But we're not doing that yet, so I'll delete it.

183
00:11:32,930 --> 00:11:39,500
I'm just demonstrating that in fact I now have access to that session variable stored in the application

184
00:11:39,500 --> 00:11:39,920
config.

185
00:11:40,340 --> 00:11:41,870
So I've created this session so far.

186
00:11:41,900 --> 00:11:42,260
All right.

187
00:11:42,320 --> 00:11:46,640
Before we go any further, let's make sure everything compiles, even though I'm not using that session.

188
00:11:46,910 --> 00:11:48,830
Let's try running our application.

189
00:11:50,820 --> 00:11:59,610
It compiles perfect, so I come back over here and maybe reload the homepage and go to the about page,

190
00:11:59,610 --> 00:12:00,270
perfect.

191
00:12:00,290 --> 00:12:02,380
OK, so is that all I need to do?

192
00:12:02,400 --> 00:12:07,020
Do I need to actually, just now that I've got the session variable and I can use it in my handlers

193
00:12:07,020 --> 00:12:12,720
and I can use it in my main package and I could even actually use it in my middleware because middleware

194
00:12:12,720 --> 00:12:16,890
is in the same package as Main and the session is declared at the package level.

195
00:12:17,040 --> 00:12:19,540
It seems like I've got everything I need to start using sessions.

196
00:12:19,560 --> 00:12:20,490
Well, not quite.

197
00:12:20,610 --> 00:12:28,530
There is one more thing I need to worry about, because Web servers by their very nature are not state

198
00:12:28,530 --> 00:12:29,130
aware.

199
00:12:29,130 --> 00:12:35,940
I need to add some middleware that tells this web server, and a web application is a web server, that

200
00:12:35,940 --> 00:12:38,130
it should remember state using sessions.

201
00:12:38,310 --> 00:12:40,020
Fortunately, it's really easy to use.

202
00:12:40,050 --> 00:12:42,320
All I have to do is come in here and create some new middleware.

203
00:12:43,170 --> 00:12:44,160
So I'm in my middleware.go

204
00:12:44,370 --> 00:12:50,100
package and I'm going to create a new function, func, and I'll call it SessionLoad.

205
00:12:50,130 --> 00:12:56,820
All that does is load the session and like all middleware, it needs to take a parameter next and it

206
00:12:56,820 --> 00:12:58,380
has to be an http.Handler.

207
00:13:01,130 --> 00:13:04,870
Right there, and it has to return an http.Handler.

208
00:13:08,390 --> 00:13:15,150
And inside the function definition, what I do is really quite straightforward: return session.

209
00:13:15,320 --> 00:13:19,280
LoadAndSave, and pass it next.

210
00:13:20,810 --> 00:13:24,380
So all this does, we can go look at the source code for this if you want to.

211
00:13:24,620 --> 00:13:29,460
All it does is it provides middleware, which automatically loads and saves session data for the current

212
00:13:29,460 --> 00:13:32,950
request and communicates the session token to and from the client in a cookie.

213
00:13:33,290 --> 00:13:33,800
That's it.

214
00:13:34,760 --> 00:13:37,670
So now I've got this middleware, but it's not being used.

215
00:13:37,670 --> 00:13:41,380
So let's go back to our routes and use it: mux.

216
00:13:42,260 --> 00:13:44,910
Use, and pass it SessionLoad.

217
00:13:45,620 --> 00:13:46,900
And actually, that's fine.

218
00:13:47,050 --> 00:13:53,780
Now I have access to the sessions, so if I quit out of the application and compile it, it should compile

219
00:13:53,780 --> 00:13:54,950
again and it does.

220
00:13:55,320 --> 00:13:58,880
I'm going to go back to my middleware and give these things comments like they're supposed to.

221
00:14:02,240 --> 00:14:10,020
SessionLoad loads and saves the session on every request.

222
00:14:10,670 --> 00:14:11,420
NoSurf.

223
00:14:13,520 --> 00:14:14,120
NoSurf.

224
00:14:14,990 --> 00:14:21,860
CSRF protection to all POST requests.

225
00:14:22,400 --> 00:14:26,060
OK, and this one, I'd left it there as a reference, but I don't need it anymore.

226
00:14:26,060 --> 00:14:26,920
So it's going away.

227
00:14:27,500 --> 00:14:30,500
So now I have everything I need to start using sessions.

228
00:14:30,770 --> 00:14:33,400
I've initialized my session in the main function.

229
00:14:33,740 --> 00:14:37,430
I've stored it in my configuration, my application-wide configuration.

230
00:14:37,880 --> 00:14:40,990
I've added the necessary middleware to save and load them.

231
00:14:41,180 --> 00:14:42,670
We should be good to go.

232
00:14:44,690 --> 00:14:50,000
So in the next lecture, let's try playing with Sessions and see how it might all work.

233
00:14:50,510 --> 00:14:51,080
See you then.
