gitea/vendor/github.com/gorilla/sessions/README.md

sessions
========
[![GoDoc](https://godoc.org/github.com/gorilla/sessions?status.svg)](https://godoc.org/github.com/gorilla/sessions) [![Build Status](https://travis-ci.org/gorilla/sessions.png?branch=master)](https://travis-ci.org/gorilla/sessions)

gorilla/sessions provides cookie and filesystem sessions and infrastructure for
custom session backends.

The key features are:

* Simple API: use it as an easy way to set signed (and optionally
  encrypted) cookies.
* Built-in backends to store sessions in cookies or the filesystem.
* Flash messages: session values that last until read.
* Convenient way to switch session persistency (aka "remember me") and set
  other attributes.
* Mechanism to rotate authentication and encryption keys.
* Multiple sessions per request, even using different backends.
* Interfaces and infrastructure for custom session backends: sessions from
  different stores can be retrieved and batch-saved using a common API.

Let's start with an example that shows the sessions API in a nutshell:

```go
	import (
		"net/http"
		"github.com/gorilla/sessions"
	)

	var store = sessions.NewCookieStore([]byte("something-very-secret"))

	func MyHandler(w http.ResponseWriter, r *http.Request) {
		// Get a session. We're ignoring the error resulted from decoding an
		// existing session: Get() always returns a session, even if empty.
		session, _ := store.Get(r, "session-name")
		// Set some session values.
		session.Values["foo"] = "bar"
		session.Values[42] = 43
		// Save it before we write to the response/return from the handler.
		session.Save(r, w)
	}
```

First we initialize a session store calling `NewCookieStore()` and passing a
secret key used to authenticate the session. Inside the handler, we call
`store.Get()` to retrieve an existing session or a new one. Then we set some
session values in session.Values, which is a `map[interface{}]interface{}`.
And finally we call `session.Save()` to save the session in the response.

Important Note: If you aren't using gorilla/mux, you need to wrap your handlers
with
[`context.ClearHandler`](http://www.gorillatoolkit.org/pkg/context#ClearHandler)
as or else you will leak memory! An easy way to do this is to wrap the top-level
mux when calling http.ListenAndServe:

More examples are available [on the Gorilla
website](http://www.gorillatoolkit.org/pkg/sessions).

## Store Implementations

Other implementations of the `sessions.Store` interface:

* [github.com/starJammer/gorilla-sessions-arangodb](https://github.com/starJammer/gorilla-sessions-arangodb) - ArangoDB
* [github.com/yosssi/boltstore](https://github.com/yosssi/boltstore) - Bolt
* [github.com/srinathgs/couchbasestore](https://github.com/srinathgs/couchbasestore) - Couchbase
* [github.com/denizeren/dynamostore](https://github.com/denizeren/dynamostore) - Dynamodb on AWS
* [github.com/bradleypeabody/gorilla-sessions-memcache](https://github.com/bradleypeabody/gorilla-sessions-memcache) - Memcache
* [github.com/dsoprea/go-appengine-sessioncascade](https://github.com/dsoprea/go-appengine-sessioncascade) - Memcache/Datastore/Context in AppEngine
* [github.com/kidstuff/mongostore](https://github.com/kidstuff/mongostore) - MongoDB
* [github.com/srinathgs/mysqlstore](https://github.com/srinathgs/mysqlstore) - MySQL
* [github.com/EnumApps/clustersqlstore](https://github.com/EnumApps/clustersqlstore) - MySQL Cluster
* [github.com/antonlindstrom/pgstore](https://github.com/antonlindstrom/pgstore) - PostgreSQL
* [github.com/boj/redistore](https://github.com/boj/redistore) - Redis
* [github.com/boj/rethinkstore](https://github.com/boj/rethinkstore) - RethinkDB
* [github.com/boj/riakstore](https://github.com/boj/riakstore) - Riak
* [github.com/michaeljs1990/sqlitestore](https://github.com/michaeljs1990/sqlitestore) - SQLite
* [github.com/wader/gormstore](https://github.com/wader/gormstore) - GORM (MySQL, PostgreSQL, SQLite)
* [github.com/gernest/qlstore](https://github.com/gernest/qlstore) - ql

## License

BSD licensed. See the LICENSE file for details.
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider) 2017-02-22 08:14:37 +01:00			`sessions`
			`========`
			`[![GoDoc](https://godoc.org/github.com/gorilla/sessions?status.svg)](https://godoc.org/github.com/gorilla/sessions) [![Build Status](https://travis-ci.org/gorilla/sessions.png?branch=master)](https://travis-ci.org/gorilla/sessions)`

			`gorilla/sessions provides cookie and filesystem sessions and infrastructure for`
			`custom session backends.`

			`The key features are:`

			`* Simple API: use it as an easy way to set signed (and optionally`
			`encrypted) cookies.`
			`* Built-in backends to store sessions in cookies or the filesystem.`
			`* Flash messages: session values that last until read.`
			`* Convenient way to switch session persistency (aka "remember me") and set`
			`other attributes.`
			`* Mechanism to rotate authentication and encryption keys.`
			`* Multiple sessions per request, even using different backends.`
			`* Interfaces and infrastructure for custom session backends: sessions from`
			`different stores can be retrieved and batch-saved using a common API.`

			`Let's start with an example that shows the sessions API in a nutshell:`

			```go
			`import (`
			`"net/http"`
			`"github.com/gorilla/sessions"`
			`)`

			`var store = sessions.NewCookieStore([]byte("something-very-secret"))`

			`func MyHandler(w http.ResponseWriter, r *http.Request) {`
			`// Get a session. We're ignoring the error resulted from decoding an`
			`// existing session: Get() always returns a session, even if empty.`
			`session, _ := store.Get(r, "session-name")`
			`// Set some session values.`
			`session.Values["foo"] = "bar"`
			`session.Values[42] = 43`
			`// Save it before we write to the response/return from the handler.`
			`session.Save(r, w)`
			`}`
			```

			First we initialize a session store calling `NewCookieStore()` and passing a
			`secret key used to authenticate the session. Inside the handler, we call`
			`store.Get()` to retrieve an existing session or a new one. Then we set some
			session values in session.Values, which is a `map[interface{}]interface{}`.
			And finally we call `session.Save()` to save the session in the response.

			`Important Note: If you aren't using gorilla/mux, you need to wrap your handlers`
			`with`
			[`context.ClearHandler`](http://www.gorillatoolkit.org/pkg/context#ClearHandler)
			`as or else you will leak memory! An easy way to do this is to wrap the top-level`
			`mux when calling http.ListenAndServe:`

			`More examples are available [on the Gorilla`
			`website](http://www.gorillatoolkit.org/pkg/sessions).`

			`## Store Implementations`

			Other implementations of the `sessions.Store` interface:

			`* [github.com/starJammer/gorilla-sessions-arangodb](https://github.com/starJammer/gorilla-sessions-arangodb) - ArangoDB`
			`* [github.com/yosssi/boltstore](https://github.com/yosssi/boltstore) - Bolt`
			`* [github.com/srinathgs/couchbasestore](https://github.com/srinathgs/couchbasestore) - Couchbase`
			`* [github.com/denizeren/dynamostore](https://github.com/denizeren/dynamostore) - Dynamodb on AWS`
			`* [github.com/bradleypeabody/gorilla-sessions-memcache](https://github.com/bradleypeabody/gorilla-sessions-memcache) - Memcache`
			`* [github.com/dsoprea/go-appengine-sessioncascade](https://github.com/dsoprea/go-appengine-sessioncascade) - Memcache/Datastore/Context in AppEngine`
			`* [github.com/kidstuff/mongostore](https://github.com/kidstuff/mongostore) - MongoDB`
			`* [github.com/srinathgs/mysqlstore](https://github.com/srinathgs/mysqlstore) - MySQL`
			`* [github.com/EnumApps/clustersqlstore](https://github.com/EnumApps/clustersqlstore) - MySQL Cluster`
			`* [github.com/antonlindstrom/pgstore](https://github.com/antonlindstrom/pgstore) - PostgreSQL`
			`* [github.com/boj/redistore](https://github.com/boj/redistore) - Redis`
			`* [github.com/boj/rethinkstore](https://github.com/boj/rethinkstore) - RethinkDB`
			`* [github.com/boj/riakstore](https://github.com/boj/riakstore) - Riak`
			`* [github.com/michaeljs1990/sqlitestore](https://github.com/michaeljs1990/sqlitestore) - SQLite`
			`* [github.com/wader/gormstore](https://github.com/wader/gormstore) - GORM (MySQL, PostgreSQL, SQLite)`
			`* [github.com/gernest/qlstore](https://github.com/gernest/qlstore) - ql`

			`## License`

			`BSD licensed. See the LICENSE file for details.`