re: Some Observations While Learning Golang VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Some points I'd like to add, as a personal opinion since I re-started Golang recently. Standard lib docs are pretty horrendous if you're not prec...
 

While the STDLib's pretty complete, some critical and must-be-secure parts are missing (I'm mainly thinking of sessions)

I think sessions are missing in the stdlib because Go is mostly geared towards servers and API servers than "web apps".

To be even fairer, a lot of languages do not have "sessions" builtin in the standard library, you can build that on top of cookies, which Go supports.

 

That's true. The problem is that sessions are often carrying sensitive data, and having to reinvent the wheel on this precise topic can generate some problems.

Another problem for that is that there's no common interface, and most session libraries are either not audited, not maintained or very complex for almost nothing.

Another problem for that is that there's no common interface, and most session libraries are either not audited, not maintained or very complex for almost nothing.

That goes back to my initial point. I rarely see people writing about having used Go for a traditional web app (I for one wouldn't as a first choice, it's way faster to build a web app using other platforms), which might be the reason why there are not enough eyes around session management and user authentication libraries. Just a hunch

code of conduct - report abuse