### Initialize SecureCookie Instances for Key Rotation Source: https://github.com/gorilla/securecookie/blob/main/README.md Set up multiple SecureCookie instances for key rotation. This example demonstrates storing keys in a map, which is suitable for demonstration but requires persistent storage in production. ```go // keys stored in a map will not be persisted between restarts // a more persistent storage should be considered for production applications. var cookies = map[string]*securecookie.SecureCookie{ "previous": securecookie.New( securecookie.GenerateRandomKey(64), securecookie.GenerateRandomKey(32), ), "current": securecookie.New( securecookie.GenerateRandomKey(64), securecookie.GenerateRandomKey(32), ), } ``` -------------------------------- ### Create a New SecureCookie Instance Source: https://github.com/gorilla/securecookie/blob/main/README.md Instantiate a new SecureCookie with hash and block keys. The hash key is required for authentication, and the block key is optional for encryption. Ensure keys are of appropriate lengths for security. ```go // Hash keys should be at least 32 bytes long var hashKey = []byte("very-secret") // Block keys should be 16 bytes (AES-128) or 32 bytes (AES-256) long. // Shorter keys may weaken the encryption used. var blockKey = []byte("a-lot-secret") var s = securecookie.New(hashKey, blockKey) ``` -------------------------------- ### Decode Cookie with Multiple Keys Source: https://github.com/gorilla/securecookie/blob/main/README.md Decode a cookie value by checking against multiple keys, including current and previous ones. This is essential for seamless key rotation, ensuring older cookies remain valid. ```go func ReadCookieHandler(w http.ResponseWriter, r *http.Request) { if cookie, err := r.Cookie("cookie-name"); err == nil { value := make(map[string]string) err = securecookie.DecodeMulti("cookie-name", cookie.Value, &value, cookies["current"], cookies["previous"]) if err == nil { fmt.Fprintf(w, "The value of foo is %q", value["foo"]) } } ``` -------------------------------- ### Encode Cookie with Multiple Keys Source: https://github.com/gorilla/securecookie/blob/main/README.md Encode a cookie value using a specific key from a set of keys. This is used when implementing key rotation, allowing new cookies to be encoded with the current active key. ```go func SetCookieHandler(w http.ResponseWriter, r *http.Request) { value := map[string]string{ "foo": "bar", } if encoded, err := securecookie.EncodeMulti("cookie-name", value, cookies["current"]); err == nil { cookie := &http.Cookie{ Name: "cookie-name", Value: encoded, Path: "/", } http.SetCookie(w, cookie) } ``` -------------------------------- ### Rotate SecureCookie Keys Source: https://github.com/gorilla/securecookie/blob/main/README.md Update the active keys for cookie encoding and decoding. This function shifts the current key to previous and sets a new key as current, facilitating a secure key rotation strategy. ```go func Rotate(newCookie *securecookie.SecureCookie) { cookies["previous"] = cookies["current"] cookies["current"] = newCookie } ``` -------------------------------- ### Encode Cookie Value Source: https://github.com/gorilla/securecookie/blob/main/README.md Encode a map into a secure cookie string. This function handles the creation of an authenticated and optionally encrypted cookie value. Ensure the cookie name and value are correctly provided. ```go func SetCookieHandler(w http.ResponseWriter, r *http.Request) { value := map[string]string{ "foo": "bar", } if encoded, err := s.Encode("cookie-name", value); err == nil { cookie := &http.Cookie{ Name: "cookie-name", Value: encoded, Path: "/", Secure: true, HttpOnly: true, } http.SetCookie(w, cookie) } ``` -------------------------------- ### Decode and Validate Cookie Value Source: https://github.com/gorilla/securecookie/blob/main/README.md Decode and validate a secure cookie value. This function checks the cookie's integrity and decrypts its content if encryption was used. Ensure the cookie name matches the one used during encoding. ```go func ReadCookieHandler(w http.ResponseWriter, r *http.Request) { if cookie, err := r.Cookie("cookie-name"); err == nil { value := make(map[string]string) if err = s2.Decode("cookie-name", cookie.Value, &value); err == nil { fmt.Fprintf(w, "The value of foo is %q", value["foo"]) } } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.