From 4603f90b0aab941e1d500a495b6aba046be624bc Mon Sep 17 00:00:00 2001 From: Sedky Haider Date: Tue, 23 Sep 2025 09:09:10 -0400 Subject: [PATCH 1/2] Update golang.md --- tyk-docs/content/api-management/plugins/golang.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tyk-docs/content/api-management/plugins/golang.md b/tyk-docs/content/api-management/plugins/golang.md index c5aba22101..b1147d386b 100644 --- a/tyk-docs/content/api-management/plugins/golang.md +++ b/tyk-docs/content/api-management/plugins/golang.md @@ -518,6 +518,12 @@ func MyPluginFunction(w http.ResponseWriter, r *http.Request) { } ``` +{{< note warning >}} +**Note** + +The Session is set during the (custom) Authentication layer - meaning it won't be set until the middleware chain after the authentication middleware layer. Trying to use `ctx.GetSession` in a custom auth plugin would always return an empty object. +{{< /note >}} + The invocation of `ctx.GetSession(r)` returns an SessionState object. The Go data structure can be found [here](https://github.com/TykTechnologies/tyk/blob/master/user/session.go#L106). From c041f214ca3d7a5f4ae18a822420bee02cc256ca Mon Sep 17 00:00:00 2001 From: Sharad Regoti Date: Tue, 7 Oct 2025 19:11:11 +0530 Subject: [PATCH 2/2] Fixes --- tyk-docs/content/api-management/plugins/golang.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tyk-docs/content/api-management/plugins/golang.md b/tyk-docs/content/api-management/plugins/golang.md index b1147d386b..497c11f6e2 100644 --- a/tyk-docs/content/api-management/plugins/golang.md +++ b/tyk-docs/content/api-management/plugins/golang.md @@ -521,7 +521,8 @@ func MyPluginFunction(w http.ResponseWriter, r *http.Request) { {{< note warning >}} **Note** -The Session is set during the (custom) Authentication layer - meaning it won't be set until the middleware chain after the authentication middleware layer. Trying to use `ctx.GetSession` in a custom auth plugin would always return an empty object. +Tyk Gateway sets the session in the [Authentication layer]({{< ref "api-management/traffic-transformation#request-middleware-chain" >}}) of the middleware chain. Because of this, the session object does not exist until the middleware chain runs after the authentication middleware. If you call `ctx.GetSession` inside a custom auth plugin, it will always return an empty object. + {{< /note >}} The invocation of `ctx.GetSession(r)` returns an SessionState object.