HTTP cookie usage for Golang
Cookies are often used to authenticate user logins when developing server-side programs. Starting from the definition of an HTTP cookie in Golang's net/http package, this article looks at the general usage of cookies and the points that need attention.
Definition of HTTP cookie
Let's take a look at Golang's definition of cookie structure:
    type Cookie struct {
        Name  string
        Value string

        Path       string    // optional
        Domain     string    // optional
        Expires    time.Time // optional
        RawExpires string    // for reading cookies only

        // MaxAge=0 means no 'Max-Age' attribute specified.
        // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
        // MaxAge>0 means Max-Age attribute present and given in seconds
        MaxAge   int
        Secure   bool
        HttpOnly bool
        Raw      string
        Unparsed []string // Raw text of unparsed attribute-value pairs
    }
Common parameters:
Name: The name of the cookie
Value: The value corresponding to the cookie name
Domain: The scope of the cookie
Expires: Sets the expiration time of the cookie
HttpOnly: Sets the HttpOnly attribute. (The HttpOnly attribute instructs the browser not to expose the cookie except through HTTP (and HTTPS) requests. A cookie with the HttpOnly attribute cannot be accessed by non-HTTP means such as JavaScript (for example, by referencing document.cookie), so it cannot be stolen through cross-site scripting (a very common attack technique). In particular, Facebook and Google use the HttpOnly attribute extensively.)
Secure: Sets the Secure attribute. (The Secure attribute restricts cookie communication to encrypted transmission, telling the browser to use the cookie only over a secure/encrypted connection. If a web server sets a cookie with the Secure attribute from a non-secure connection, the cookie can still be intercepted by a man-in-the-middle attack when it is sent to the client.)
MaxAge: Sets the expiration time, corresponding to the Max-Age attribute of the browser cookie
Setting a cookie on the server side
Now that we understand the cookie's properties, we can set a cookie on the server.
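    // c is the *gin.Context of the current request.
    const COOKIE_MAX_MAX_AGE = time.Hour * 24 / time.Second // Unit: seconds.

    maxAge := int(COOKIE_MAX_MAX_AGE)
    uid := "10"
    uid_cookie := &http.Cookie{
        Name:     "uid",
        Value:    uid,
        Path:     "/",
        HttpOnly: false, // the cookie stays readable from JavaScript
        MaxAge:   maxAge,
    }
    http.SetCookie(c.Writer, uid_cookie)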
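An added example, not part of the original article: it sets the same uid cookie once as above and once with the HttpOnly and Secure attributes described earlier, then audits the resulting Set-Cookie header. It uses plain net/http with httptest instead of gin, and setUID, auditCookies and check are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// setUID writes the "uid" cookie. With hardened=false it matches the
// article's cookie; with hardened=true it adds HttpOnly and Secure.
func setUID(w http.ResponseWriter, uid string, hardened bool) {
	http.SetCookie(w, &http.Cookie{
		Name:     "uid",
		Value:    uid,
		Path:     "/",
		MaxAge:   int(24 * time.Hour / time.Second), // one day, in seconds
		HttpOnly: hardened,
		Secure:   hardened,
	})
}

// auditCookies parses the Set-Cookie headers of a response and returns
// one finding per missing protective attribute.
func auditCookies(resp *http.Response) []string {
	var findings []string
	for _, ck := range resp.Cookies() {
		if !ck.HttpOnly {
			findings = append(findings, ck.Name+": missing HttpOnly")
		}
		if !ck.Secure {
			findings = append(findings, ck.Name+": missing Secure")
		}
	}
	return findings
}

// check sets the cookie on an in-memory recorder (constructed sample
// value "10") and returns the raw header plus the audit findings.
func check(hardened bool) (string, []string) {
	rec := httptest.NewRecorder()
	setUID(rec, "10", hardened)
	resp := rec.Result()
	return resp.Header.Get("Set-Cookie"), auditCookies(resp)
}

func main() {
	for _, hardened := range []bool{false, true} {
		header, findings := check(hardened)
		fmt.Printf("Set-Cookie: %s\n  findings: %v\n", header, findings)
	}
}
```

The same auditCookies check can be run against the response of any handler under test to catch a cookie that ships without these attributes.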
Browser Record Cookie
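Reading the cookie on the server side
    var c *gin.Context // the context of the current request
    uid, err := c.Request.Cookie("uid") // uid is a *http.Cookie; err is http.ErrNoCookie if it is absent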