Web Session Management in Go -- A Tale of Two Sessions

By Alan Braithwaite

Elevator Pitch

In recent years, many session manager implementations have adopted stateless encrypted cookie sessions. In this talk I go over the benefits and drawbacks of encrypted cookie sessions and argue that stateful server sessions are simpler and more secure.

Description

For most web developers, session management is just a matter of enabling the right plugins for your web framework. Django, Rails, ExpressJS, and pretty much any web framework has sessions built in.

Recently, I’ve begun working on web development in Go. When I searched for a session management solution, I was disappointed to find that there’s a lot of confusion and lack of understanding about how to do this well in Go.

In this talk, I’ll give an overview of the two main forms of session management (encrypted cookies and server-side stateful sessions), present the benefits and drawbacks of both, and finally present a tool I wrote to manage sessions.

Notes

This is a project I worked on after searching for a good solution and coming up short.

I’ve written a blog post about it here, which represents a shorter version of the talk:

https://blog.abraithwaite.net/2018/08/14/two-sessions/

This repo contains the library I’ll be presenting:

https://github.com/abraithwaite/jeff

In the talk, I’d include more detail in the form of examples and a comparison of session management packages in Go.