Hi, 

Thanks for the replies. I deleted the original post because I managed to figure 
out what to do. There was a bug that stumped me and I thought I was doing 
things wrong. Once the bug was fixed, it works okay. The example posted by 
Sebastien is very useful. Thanks!

To answer edward's questions, I am building a multipage app. I use form-based 
authentication. I do not encrypt anything on the client side. I assume anything 
on the client side can easily be compromised. Hence, any encryption or hashing 
on the client side seems like a waste of effort for little benefit. Instead, I 
am relying on TLS. However, I encrypt any cookie stored on the client with a 
constantly changing password. It seems like overkill considering the cookies 
store only a session ID and nothing else. 

I am curious what the industry best practice is.
