From 6f02651c4ff595841f097d92ef52435a63547a57 Mon Sep 17 00:00:00 2001
From: Tobie Morgan Hitchcock
Date: Mon, 14 May 2018 00:15:26 +0100
Subject: [PATCH] Ensure correct cookie header even if cookie exists

Previously, if the cookie value was passed to the database from the client, then the client would not set the correct cookie option values, effectively causing the cookie to expire.
---
 web/sess.go | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/web/sess.go b/web/sess.go
index 1eb3669f..7dd578ff 100644
--- a/web/sess.go
+++ b/web/sess.go
@@ -26,25 +26,27 @@ import (
 const cookie = "surreal"
+func uniq(val *http.Cookie) string {
+ if val != nil && len(val.Value) == 64 {
+ return val.Value
+ }
+ return rand.String(64)
+}
+
 func sess() fibre.MiddlewareFunc {
 return func(h fibre.HandlerFunc) fibre.HandlerFunc {
 return func(c *fibre.Context) (err error) {
- val, err := c.Request().Cookie(cookie)
-
- if err != nil {
-
- crt := len(cnf.Settings.Cert.Crt) != 0
- key := len(cnf.Settings.Cert.Key) != 0
-
- val = &http.Cookie{
- Name: cookie,
- Value: rand.String(64),
- Secure: (crt && key),
- HttpOnly: true,
- Expires: time.Now().Add(365 * 24 * time.Hour),
- }
+ val, _ := c.Request().Cookie(cookie)
+ crt := len(cnf.Settings.Cert.Crt) != 0
+ key := len(cnf.Settings.Cert.Key) != 0
+ val = &http.Cookie{
+ Name: cookie,
+ Value: uniq(val),
+ Secure: (crt && key),
+ HttpOnly: true,
+ Expires: time.Now().Add(365 * 24 * time.Hour),
 }
 c.Response().Header().Set("Set-Cookie", val.String())
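Review bot: `uniq` re-issues whatever 64-byte value the client sends in the `surreal` cookie, so the server cannot tell an identifier it generated from one chosen by another party (session fixation), and `len(val.Value) == 64` constrains neither the character set nor the origin of the value. Since the commit message says this value is passed on to the database, consider reusing it only when it is verifiably server-issued, for example by keeping a keyed MAC with the id and checking it before reuse, and otherwise falling back to `rand.String(64)`. At minimum, a doc comment such as `// uniq returns the client's session id if it is 64 bytes long, else a fresh random one; the value is client-controlled and must not be treated as an authenticator.` would record the assumption. The error dropped by `val, _ :=` looks harmless because `uniq` handles a nil cookie, but `sess` continues beyond the hunk, so how the value is consumed afterwards is not visible here.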