I understand the difference between context and session in golang.
gorilla/context stores values shared during a request lifetime whereas gorilla/session data persists across multiple requests through secure cookie.
Some blogs claim that context is required to pass user data from one middleware to another.
For user authentication, you would have to store user data in session anyways and why would you store user data into context as well?
I suppose it is so that you don't have to get user data from session (cookie) again but it seems redundant.
The gorilla/sessions package uses gorilla/context in its implementation.
If the application uses session data to store id of the authenticated user, then the application does not need use the gorilla/context package directly.