Alex Edwards

I'm going to close this PR. This isn't something that I'll ever use myself, I'm afraid that I don't understand the code (and therefore am not comfortable maintaining it), and...

This is causing me problems as well. As far as I can see it's not possible to import both `github.com/jackc/pgx/v5` and `github.com/golang-migrate/migrate/v4/database/pgx` (which uses ` github.com/jackc/pgx/v4`) as it results in...

I like the idea of a `NewWithOptions()` approach. Perhaps we could make `Options` a struct and pass it as a 2nd parameter to allow further options in the future without...

@ryanlath Please see https://github.com/alexedwards/scs/issues/188

@NewHouses I've implemented this in commit https://github.com/alexedwards/scs/commit/a38e822451b69071afa6fd12667d50df4563d20f. I felt that using http.ResponseController and build tags to restrict the functionality to Go 1.20+ was a better option here.

I'm afraid that I can't merge this --- it's vulnerable to SQL injection attacks (the session token is passed through direct from the untrusted session cookie). Is it possible to...

@tiagonbotelho Thanks, that sounds good to me :+1: It would be great if you could update the README for postgresstore to include examples of both using it with pq and...

@dlpetrie Yes, as @nal says, session tokens use 256 bits of entropy, collisions aren't something to worry about. In theory, we could add a `SetToken()` method that allows you to...

I'd be happy to add this, but I'm wary of changing the public API of the `SessionCookie` type until we know exactly what the implementation will look like in `net/http`....

I think that the correct fix here is really for the websocket library to start supporting http.ResponseController, which is the modern way of dealing with this. I've pushed https://github.com/alexedwards/scs/commit/a38e822451b69071afa6fd12667d50df4563d20f which...