Matt Silverlock
Update: still a WIP. I'm waiting for Go's "dep" tool to land so I can version the library more cleanly.
dep hasn't landed in the Go toolchain yet, so nothing yet. There is an (old) WIP branch - https://github.com/gorilla/securecookie/tree/elithrar/v2 - but unlikely to commit significant time until dep lands. Is...
We can probably look to add SameSite to the current version (I'll also accept a PR!)

On Thu, Oct 26, 2017 at 2:38 PM Bruno Bigras wrote:
> dep hasn't...
There's no priority on this right now. Is there a particular need that would be fulfilled by v2? @srikrsna
@srikrsna Sure, but what do you need out of sessions v2? What about sessions v1 doesn't fit your use-case? (be precise, it helps us understand what users are after!)
Proposed, simplified API:

```go
type SecureCookie struct {
	// fields
}

// No need to provide two keys: we authenticate by default, or use an AEAD construct for encryption.
func...
```
@srikrsna - if you have a leak, please file an issue in sessions. You don’t need v2 to avoid that.
I have an updated v2 branch here: https://github.com/gorilla/securecookie/tree/elithrar/v2

Following up on @balasanjay's comments:

1. Yes, agree here on just going for encryption in full: my updated branch uses secretbox/nacl (XSalsa20Poly1305),...
Note: I still have work to do around:

- [ ] Errors: I think the error type we expose is OK, but want to sit on it for a bit....
Thinking further on how we do key rotation: there's the likelihood that users would want to change Options as they change keys. Thus, the `RotatedKeys` struct member should possibly be...