package auth import ( "crypto/rand" "encoding/hex" "net/http" "sync" "time" ) var ( sessions = map[string]time.Time{} mu sync.Mutex ) func GenerateSession() (string, error) { bytes := make([]byte, 32) _, err := rand.Read(bytes) if err != nil { return "", err } token := hex.EncodeToString(bytes) mu.Lock() sessions[token] = time.Now() mu.Unlock() return token, nil } func IsLoggedIn(r *http.Request) bool { cookie, err := r.Cookie("session") if err != nil { return false } mu.Lock() _, exists := sessions[cookie.Value] mu.Unlock() return exists } func SetSessionCookie(w http.ResponseWriter, token string) { http.SetCookie(w, &http.Cookie{ Name: "session", Value: token, Path: "/", HttpOnly: true, SameSite: http.SameSiteLaxMode, }) } func ClearSession(w http.ResponseWriter, r *http.Request) { cookie, err := r.Cookie("session") if err == nil { mu.Lock() delete(sessions, cookie.Value) mu.Unlock() } http.SetCookie(w, &http.Cookie{ Name: "session", Value: "", Path: "/", MaxAge: -1, HttpOnly: true, }) }