So you don’t use gorilla/sessions.
I didn’t say this. I said “the problem is in your code”.
Slow down a bit and focus on the contents of func index(res http.ResponseWriter, req *http.Request). The code in this function isn’t doing what you think it should.
Imagine you have just started the server. There are no stored sessions. No-one has logged in or out. Your browser doesn’t have any cookies set for this server.
The server receives its first request for /, index is called.
The code slowly progresses. The first line is executed and a session is returned without an error. What do you think should be in that session? Now add code to show what is actually in that session. You restart the server and request. Do the contents of session match your expectations? If so, you continue on to the next line. If not, how does the difference between what you thought session was and what it actually is affect your understanding of the function?
Line by line, you slowly and carefully verify your expectations. Every time your expectations are not met, you change the way you think and possibly the code (if what it actually does is not what needs to be done).
This is the way of the programmer. Code doesn’t do what you want it to do, it does what it says it does, exactly and precisely, and nothing more.
When the code doesn’t do what you expect (i.e., it doesn’t work), the problem in the code can be found where what you expect and what is don’t match.
As your expectations better match reality, the code you write will naturally become better.
Now, work through your code. Figure out what is actually does.