7 lines (6 loc) · 334 Bytes

TODO

Add ClearCookie to the examples, like for permissions2 and permissionbolt
Use the anti timing-attack from martini-contrib/auth/.
Look into supporting HTTP basic auth, but only for some paths (see xyproto/scoreserver)
Use a more international selection of letters when validating usernames (in userstate.go)