re: Some Observations While Learning Golang VIEW POST

FULL DISCUSSION
 

Some points I'd like to add, as a personal opinion since I re-started Golang recently.

  • Standard lib docs are pretty horrendous if you're not precisely on the given use case for examples
  • The template language is pretty confusing at first, you need to learn how to use its internals
  • While the STDLib's pretty complete, some critical and must-be-secure parts are missing (I'm mainly thinking of sessions)
 

That is fair about the docs. Yeah they are not great, I have had to use some outside resources to clarify some things.

I haven't yet worked with Go in a web context yet, except as a quick performance test with a single endpoint that called a raw sql statement with no auth. So maybe I will run into the templating and sessions at that point.

 

While the STDLib's pretty complete, some critical and must-be-secure parts are missing (I'm mainly thinking of sessions)

I think sessions are missing in the stdlib because Go is mostly geared towards servers and API servers than "web apps".

To be even fairer, a lot of languages do not have "sessions" builtin in the standard library, you can build that on top of cookies, which Go supports.

 

That's true. The problem is that sessions are often carrying sensitive data, and having to reinvent the wheel on this precise topic can generate some problems.

Another problem for that is that there's no common interface, and most session libraries are either not audited, not maintained or very complex for almost nothing.

Another problem for that is that there's no common interface, and most session libraries are either not audited, not maintained or very complex for almost nothing.

That goes back to my initial point. I rarely see people writing about having used Go for a traditional web app (I for one wouldn't as a first choice, it's way faster to build a web app using other platforms), which might be the reason why there are not enough eyes around session management and user authentication libraries. Just a hunch

code of conduct - report abuse