90

I'm trying to set cookies with Go's net/http package. I have:

package main

import "io"
import "net/http"
import "time"

func indexHandler(w http.ResponseWriter, req *http.Request) {
    expire := time.Now().AddDate(0, 0, 1)
    cookie := http.Cookie{"test", "tcookie", "/", "www.domain.com", expire, expire.Format(time.UnixDate), 86400, true, true, "test=tcookie", []string{"test=tcookie"}}
    req.AddCookie(&cookie)
    io.WriteString(w, "Hello world!")
}

func main() {
    http.HandleFunc("/", indexHandler)
    http.ListenAndServe(":80", nil)
}

I tried googling 'Golang' with 'cookies', but didn't get any good results. If anyone can point me in the right direction it would be greatly appreciated.

xpt
  • 20,363
  • 37
  • 127
  • 216
Tech163
  • 4,176
  • 8
  • 33
  • 36

7 Answers7

114

I am not a Go expert, but I think you are setting the cookie on the request, aren't you? You might want to set it on the response. There is a setCookie function in net/http. This might help: http://golang.org/pkg/net/http/#SetCookie

func SetCookie(w ResponseWriter, cookie *Cookie)
Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
Tobias N. Sasse
  • 2,457
  • 1
  • 19
  • 14
19
//ShowAllTasksFunc is used to handle the "/" URL which is the default ons
func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request){
    if r.Method == "GET" {
        context := db.GetTasks("pending") //true when you want non deleted notes
        if message != "" {
            context.Message = message
        }
        context.CSRFToken = "abcd"
        message = ""
        expiration := time.Now().Add(365 * 24 * time.Hour)
        cookie    :=    http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration}
        http.SetCookie(w, &cookie)
        homeTemplate.Execute(w, context)
    } else {
        message = "Method not allowed"
        http.Redirect(w, r, "/", http.StatusFound)
    }
}

There is a basic difference between Requests and ResponseWriter, a Request is what a browser will send like 

Host: 127.0.0.1:8081
User-Agent: ...
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://127.0.0.1:8081/
Cookie: csrftoken=abcd
Connection: keep-alive

and a response is what the handler will send, something like :

Content-Type: text/html; charset=utf-8
Date: Tue, 12 Jan 2016 16:43:53 GMT
Set-Cookie: csrftoken=abcd; Expires=Wed, 11 Jan 2017 16:43:53 GMT
Transfer-Encoding: chunked
<html>...</html>

When the browser will make a request, it'll include the cookie for that domain, since cookies are stored domain wise and can't be accessed from cross domains, if you set a cookie as HTTP only then it can only be accessed from the website which set it via HTTP and not via JS.

So when getting information from cookies you can do that from the r.Cookie method, like this

cookie, _ := r.Cookie("csrftoken")
if formToken == cookie.Value {

https://github.com/thewhitetulip/Tasks/blob/master/views/addViews.go#L72-L75

But when you are going to set a cookie, you have to do it in the response writer method, the request is a read only object which we respond to, think of it as a text message you get from someone, that is a request, you can only get it, what you type is a response, so you can type in a cookie at

for more details: https://thewhitetulip.gitbooks.io/webapp-with-golang-anti-textbook/content/content/2.4workingwithform.html

thewhitetulip
  • 3,235
  • 3
  • 21
  • 26
  • 2
    in my case cookie set didn't work without setting a path: `http.Cookie{Name: "csrftoken",Value:"abcd",Expires:expiration, Path: "/"}` – Maxim Yefremov Dec 02 '18 at 13:01
14

This Below code helps u 

    cookie1 := &http.Cookie{Name: "sample", Value: "sample", HttpOnly: false}
    http.SetCookie(w, cookie1)
Dharani Dharan
  • 624
  • 1
  • 7
  • 18
9

Below shows how we use cookie in our product:

func handleFoo(w http.ResponseWriter, r *http.Request) {

    // cookie will get expired after 1 year 
    expires := time.Now().AddDate(1, 0, 0)

    ck := http.Cookie{
        Name: "JSESSION_ID",
        Domain: "foo.com",
        Path: "/",
        Expires: expires,
    }

    // value of cookie    
    ck.Value = "value of this awesome cookie"

    // write the cookie to response
    http.SetCookie(w, &ck)

    // ...
}
Bill Xiong
  • 91
  • 1
  • 3
5

It was not working for me in Safari until I added the Path and MaxAge. Both secure and regular cookies worked for me

Sharing so that it helps someone who is stuck like me for more than 2 days :)

expire := time.Now().Add(20 * time.Minute) // Expires in 20 minutes
cookie := http.Cookie{Name: "username", Value: "nonsecureuser", Path: "/", Expires: expire, MaxAge: 86400}
http.SetCookie(w, &cookie)
cookie = http.Cookie{Name: "secureusername", Value: "secureuser", Path: "/", Expires: expire, MaxAge: 86400, HttpOnly: true, Secure: true}
http.SetCookie(w, &cookie)
deepakssn
  • 5,195
  • 2
  • 24
  • 19
4

First, you need to create Cookie and then using http package's SetCookie() function you can set the cookie.

expire := time.Now().Add(10 * time.Minute) 
cookie := http.Cookie{Name: "User", Value: "John", Path: "/", Expires: expire, MaxAge: 90000}
http.SetCookie(w, &cookie)
Stephen Rauch
  • 47,830
  • 31
  • 106
  • 135
Kabeer Shaikh
  • 207
  • 3
  • 2
-2

You can use gorilla package for handling cookies or i would say secure cookies: http://www.gorillatoolkit.org/pkg/securecookie

A-kay
  • 65
  • 1
  • 1
  • 3