Example from usage works, but if I change "_" to " " in "my_session" then example won't work. Is it required for session names to not contain spaces?

Why not use session.Options to set current session's option for the cookie instead of all the cookies ' options?

I thought it was better to have a global session Option Setter and a region session Option Setter for some specail session.

Solved

After cloning the repo I did the following

$ export GOROOT=$HOME/go
$ export GOPATH=$PATH:$GOROOT/bin

$ go get code.google.com/p/go.crypto/bcrypt github.com/codegangsta/martini github.com/martini-contrib/sessions

$ go version
go version go1.2.1 linux/386

$ cd lesson9

$ go run main.go

and I get this in the browser. What am I missing or doing wrong ?
interface conversion: *martini.responseWriter is not martini.ResponseWriter: missing method Before

/usr/local/go/src/pkg/runtime/iface.c:116 (0x805112a)
itab: runtime·panic(err);
/usr/local/go/src/pkg/runtime/iface.c:437 (0x8051a19)
ifaceI2I: ret->tab = itab(inter, tab->type, 0);
/usr/local/go/src/pkg/runtime/iface.c:444 (0x8051a73)
assertI2I: runtime·ifaceI2I(inter, i, &ret);
/home/ankur/bin/src/github.com/martini-contrib/sessions/sessions.go:84 (0x80b0fda)
func.002: rw := res.(martini.ResponseWriter)
/usr/local/go/src/pkg/runtime/asm_386.s:360 (0x8069d35)
call32: CALLFN(call32, 32)
/usr/local/go/src/pkg/reflect/value.go:474 (0x80c9c68)
Value.call: call(fn, ptr, uint32(size))
/usr/local/go/src/pkg/reflect/value.go:345 (0x80c90e4)
Value.Call: return v.call("Call", in)
/home/ankur/bin/src/github.com/codegangsta/inject/inject.go:102 (0x8164b88)
(_injector).Invoke: return reflect.ValueOf(f).Call(in), nil
/home/ankur/bin/src/github.com/codegangsta/martini/martini.go:165 (0x8098e5a)
(_context).run: _, err := c.Invoke(c.handler())
/home/ankur/bin/src/github.com/codegangsta/martini/martini.go:156 (0x8098db8)
(_context).Next: c.run()
/home/ankur/bin/src/github.com/codegangsta/martini/recovery.go:140 (0x809c520)
func.004: c.Next()
/usr/local/go/src/pkg/runtime/asm_386.s:359 (0x8069cd5)
call16: CALLFN(call16, 16)
/usr/local/go/src/pkg/reflect/value.go:474 (0x80c9c68)
Value.call: call(fn, ptr, uint32(size))
/usr/local/go/src/pkg/reflect/value.go:345 (0x80c90e4)
Value.Call: return v.call("Call", in)
/home/ankur/bin/src/github.com/codegangsta/inject/inject.go:102 (0x8164b88)
(_injector).Invoke: return reflect.ValueOf(f).Call(in), nil
/home/ankur/bin/src/github.com/codegangsta/martini/martini.go:165 (0x8098e5a)
(_context).run: _, err := c.Invoke(c.handler())
/home/ankur/bin/src/github.com/codegangsta/martini/martini.go:156 (0x8098db8)
(_context).Next: c.run()
/home/ankur/bin/src/github.com/codegangsta/martini/logger.go:25 (0x809bf2d)
func.001: c.Next()
/usr/local/go/src/pkg/runtime/asm_386.s:360 (0x8069d35)
call32: CALLFN(call32, 32)
/usr/local/go/src/pkg/reflect/value.go:474 (0x80c9c68)
Value.call: call(fn, ptr, uint32(size))
/usr/local/go/src/pkg/reflect/value.go:345 (0x80c90e4)
Value.Call: return v.call("Call", in)
/home/ankur/bin/src/github.com/codegangsta/inject/inject.go:102 (0x8164b88)
(_injector).Invoke: return reflect.ValueOf(f).Call(in), nil
/home/ankur/bin/src/github.com/codegangsta/martini/martini.go:165 (0x8098e5a)
(_context).run: _, err := c.Invoke(c.handler())
/home/ankur/bin/src/github.com/codegangsta/martini/martini.go:69 (0x80983df)
(_Martini).ServeHTTP: m.createContext(res, req).run()
/usr/local/go/src/pkg/net/http/server.go:1597 (0x80857e3)
serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/usr/local/go/src/pkg/net/http/server.go:1167 (0x8083e61)
(_conn).serve: serverHandler{c.server}.ServeHTTP(w, w.req)
/usr/local/go/src/pkg/runtime/proc.c:1394 (0x805e090)
goexit: runtime·goexit(void)

Will we add mongodb as session store? Thanks.

Let's say I have 3 servers running the same binary, and a server infront of those to spread out the load, how could I make sure sessions work regardless of what server ends up handling the request?

Would it not be desirable to have a Clear()/Reset() method that clears out the session, or perhaps a method to get all the keys from the session that you could then use with Delete.

This would stop attacks such as this http://guides.rubyonrails.org/security.html#session-fixation-countermeasures

In the Test_SessionsDeleteValue

    m.Get("/show", func(session Session) string {
        if session.Get("hello") == "world" {
            t.Error("Session value deleting failed")
        }
        return "OK"
    })

Get("hello") return interface of hello and it would never equals to string "world"。

func NewCookieStore(maxAge int, keyPairs ...[]byte) CookieStore {
c := sessions.NewCookieStore(keyPairs...)
for _, codec := range c.Codecs {
if c, ok := codec.(*securecookie.SecureCookie); ok {
c.MaxAge(maxAge)
}
}
return &cookieStore{c}
}

I am using the sessionauth package but needed to implement a session lookup were the token came in the request body rather than a cookie in the header.
I was able to work around the in-flow lookup by adding a GetStore() function to this sessions package.
I cook up an http.Request with the cookie from my request body and lookup the gorilla session which has the sessionauth userId.
Could you consider adding this GetStore() function or can you suggest a better way?

Hello,

I was just trying the example code that you have given. I tried to delete the cookie by setting up MaxAge : -1. It seems that its not accepting the options. Below is my code.

package main

import (
"github.com/go-martini/martini"
"github.com/martini-contrib/sessions"
//"net/http"
//"fmt"
//"strconv"

)

func init() {
m := martini.Classic()

store := sessions.NewCookieStore([]byte("secret123"))
m.Use(sessions.Sessions("my_session", store))

m.Get("/set", func(session sessions.Session) string {
    session.Set("hello", "world")
    return "OK"
})

m.Get("/get", func(session sessions.Session) string {
    v := session.Get("hello")
    if v == nil {
        return ""
    }
    return v.(string)
})

m.Get("/logout", func(session sessions.Session) {

    op:=sessions.Options{
          MaxAge: -1 ,
    }
    session.Options(op)

})

m.Run()
}

May I know if anything wrong with this.