Gorilla/sessions is a Go package that provides session management infrastructure for web applications, offering both built-in and extensible session storage backends. The package is part of the Gorilla web toolkit and serves as a foundational component for handling user sessions in HTTP applications.
The package provides two primary built-in session storage implementations: cookie-based sessions and filesystem-based sessions. Cookie sessions store session data directly in signed and optionally encrypted cookies sent to the client, while filesystem sessions persist session data on the server. Beyond these core implementations, gorilla/sessions defines a Store interface that enables developers to create custom session backends for virtually any data storage system, from traditional databases to cloud services.
Key features of the package include a simple API for setting and retrieving session values through a map-based interface, support for flash messages that persist only until they are read, and mechanisms for rotating authentication and encryption keys to maintain security. The package allows multiple sessions per request using different backends simultaneously, providing flexibility for complex application architectures. Session persistence can be toggled conveniently through a "remember me" pattern, and developers can set various session attributes to control behavior.
The repository demonstrates significant adoption and extensibility, with the README documenting over twenty community-maintained Store implementations targeting diverse backends including ArangoDB, MongoDB, MySQL, PostgreSQL, Redis, DynamoDB, Memcache, SQLite, and Cloud Firestore. This ecosystem indicates the package serves as a standard abstraction layer for session management across the Go web development community.
According to GitGenius activity tracking, the repository has experienced moderate but sustained engagement with a median issue and pull request response latency of approximately 7584 hours and a mean of 15487.5 hours. Bug reports represent the most common issue type with twelve tracked instances, followed by general questions and stale items. The primary contributor tracked is jaitaiwan with 24 recorded events, indicating consistent maintenance activity.
The package requires Go 1.23 or later in its current version due to support for the new partitioned cookie attribute, though version 1.3.0 remains available for applications using older Go versions. The repository maintains active testing infrastructure with continuous integration workflows and code coverage tracking through Codecov. The package is BSD licensed and hosted at gorilla.github.io, positioning it as a mature, production-ready component within the broader Gorilla toolkit ecosystem for Go web development.