Ensure correct cookie header even if cookie exists

Previously, if the cookie value was passed to the database from the client, then the client would not set the correct cookie option values, effectively causing the cookie to expire.
This commit is contained in:
Tobie Morgan Hitchcock 2018-05-14 00:15:26 +01:00
parent 68f7ce3851
commit 6f02651c4f

View file

@ -26,27 +26,29 @@ import (
const cookie = "surreal" const cookie = "surreal"
func uniq(val *http.Cookie) string {
if val != nil && len(val.Value) == 64 {
return val.Value
}
return rand.String(64)
}
func sess() fibre.MiddlewareFunc { func sess() fibre.MiddlewareFunc {
return func(h fibre.HandlerFunc) fibre.HandlerFunc { return func(h fibre.HandlerFunc) fibre.HandlerFunc {
return func(c *fibre.Context) (err error) { return func(c *fibre.Context) (err error) {
val, err := c.Request().Cookie(cookie) val, _ := c.Request().Cookie(cookie)
if err != nil {
crt := len(cnf.Settings.Cert.Crt) != 0 crt := len(cnf.Settings.Cert.Crt) != 0
key := len(cnf.Settings.Cert.Key) != 0 key := len(cnf.Settings.Cert.Key) != 0
val = &http.Cookie{ val = &http.Cookie{
Name: cookie, Name: cookie,
Value: rand.String(64), Value: uniq(val),
Secure: (crt && key), Secure: (crt && key),
HttpOnly: true, HttpOnly: true,
Expires: time.Now().Add(365 * 24 * time.Hour), Expires: time.Now().Add(365 * 24 * time.Hour),
} }
}
c.Response().Header().Set("Set-Cookie", val.String()) c.Response().Header().Set("Set-Cookie", val.String())
c.Set(varKeyCook, val.Value) c.Set(varKeyCook, val.Value)