Setting HTTP Cookie in Golang [SOLVED]

In previous chapter, we discussed http server and client in Golang. Today, we will walk through how to manage http cookie in Go with net/http package.

http cookie: HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.

Advertisement

net/http package: Package http provides HTTP client and server implementations. Get, Head, Post, and PostForm make HTTP (or HTTPS) requests.

 

Create simple http server

We have written a detailed article on setting up web server using golang. Here is an example of http server which print out "Hello, world!" for every GET request:

package main

import (
	"fmt"
	"net/http"
)

func helloHandler(w http.ResponseWriter, req *http.Request) {
	fmt.Fprintf(w, "Hello, world!\n")
}

func main() {
	http.HandleFunc("/", helloHandler)
	http.ListenAndServe(":8080", nil)
}

Output:

Now you can access to http://localhost:8080/

Setting HTTP Cookie in Golang [SOLVED]

 

Set cookies in HTTP web server

cookie in Golang is defined as a struct:

type Cookie struct {
	Name  string
	Value string

	Path       string    // optional
	Domain     string    // optional
	Expires    time.Time // optional
	RawExpires string    // for reading cookies only

	// MaxAge=0 means no 'Max-Age' attribute specified.
	// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
	// MaxAge>0 means Max-Age attribute present and given in seconds
	MaxAge   int
	Secure   bool
	HttpOnly bool
	SameSite SameSite
	Raw      string
	Unparsed []string // Raw text of unparsed attribute-value pairs
}

For the usage of all fields, you can refer to documentation page.

Advertisement

In this case, we can use SetCookie() function in net/http package to set a http cookie.

func SetCookie(w ResponseWriter, cookie *Cookie): SetCookie adds a Set-Cookie header to the provided ResponseWriter's headers. The provided cookie must have a valid Name. Invalid cookies may be silently dropped.

Here's an example of using SetCookie() function to set cookies:

package main

import (
	"fmt"
	"net/http"
	"time"
)

func helloHandler(w http.ResponseWriter, req *http.Request) {
	// set cookie for storing token
	cookie := http.Cookie{}
	cookie.Name = "accessToken"
	cookie.Value = "ro8BS6Hiivgzy8Xuu09JDjlNLnSLldY5"
	cookie.Expires = time.Now().Add(365 * 24 * time.Hour)
	cookie.Secure = false
	cookie.HttpOnly = true
	cookie.Path = "/"
	http.SetCookie(w, &cookie)

	fmt.Fprintf(w, "This is cookies!\n")
}

func main() {
	http.HandleFunc("/", helloHandler)
	http.ListenAndServe(":8080", nil)
}

Output:

 

Fetch cookies in HTTP web server

Now let's see how to get a cookie that has been set:

    cookie, _ := r.Cookie(<span class="hljs-string">"page"</span>)
    fmt.Fprint(w, cookie)

Here is another way to get a cookie:

    for _, cookie := range r.Cookies() {
        fmt.Fprint(w, cookie.Name)
    }

Here is full version of fetch cookies in Go:

package main

import (
	"fmt"
	"net/http"
	"time"
)

func helloHandler(w http.ResponseWriter, req *http.Request) {
	// set cookie for storing token
	cookie := http.Cookie{}
	cookie.Name = "accessToken"
	cookie.Value = "ro8BS6Hiivgzy8Xuu09JDjlNLnSLldY5"
	cookie.Expires = time.Now().Add(365 * 24 * time.Hour)
	cookie.Secure = false
	cookie.HttpOnly = true
	cookie.Path = "/"
	http.SetCookie(w, &cookie)

	cookie2 := http.Cookie{}
	cookie2.Name = "page"
	cookie2.Value = "GoLinuxCloud"
	cookie2.Expires = time.Now().Add(365 * 24 * time.Hour)
	cookie2.Secure = false
	cookie2.HttpOnly = true
	cookie2.Path = "/"
	http.SetCookie(w, &cookie2)

	fmt.Fprintf(w, "This is cookies!\n")
}

func printCookie(w http.ResponseWriter, req *http.Request) {
	var returnStr string
	for _, cookie := range req.Cookies() {
		returnStr = returnStr + cookie.Name + ":" + cookie.Value + "\n"
	}
	fmt.Fprintf(w, returnStr)
}

func main() {
	http.HandleFunc("/", helloHandler)
	http.HandleFunc("/print", printCookie)
	http.ListenAndServe(":8080", nil)
}

Output:

 

Summary

In this example, we have discussed about http cookies in Golang. All client data is saved in cookies on the client side. Cookies have various security issues, as you may have seen. For instance, bad third party websites may be able to crack usernames and passwords and acquire the information.

 

References

https://en.wikipedia.org/wiki/HTTP_cookie
https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

 

Categories GO

Didn't find what you were looking for? Perform a quick search across GoLinuxCloud

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Leave a Comment

X