var ( // key must be 16, 24 or 32 bytes long (AES-128, AES-192 or AES-256) key = []byte("super-secret-key") store = sessions.NewCookieStore(key) )
funcsecret(w http.ResponseWriter, r *http.Request) { session, _ := store.Get(r, "cookie-name")
// Check if user is authenticated if auth, ok := session.Values["authenticated"].(bool); !ok || !auth { http.Error(w, "Forbidden", http.StatusForbidden) return }
// Print secret message fmt.Fprintln(w, "The cake is a lie!") }
funclogin(w http.ResponseWriter, r *http.Request) { session, _ := store.Get(r, "cookie-name")
// Authentication goes here // ...
// Set user as authenticated session.Values["authenticated"] = true session.Save(r, w) }
funclogout(w http.ResponseWriter, r *http.Request) { session, _ := store.Get(r, "cookie-name")