Last chapter we created our registration form, learned how to create users, and persist them to disk to avoid losing them between server restarts. We still have to cover how to keep them logged into Gophr. Since HTTP is a stateless protocol—in that it fails to remember anything about you from one request to the next—we use another means to track users between requests: cookies.

In this chapter, we’ll create a session system that lets users log in and out of Gophr at their discretion. To do this, we assign users a session that we store on the server side. Each session has a unique identifier, which is returned to the user in a cookie so that we can match the cookie in the request to the session. The ...