Ensure correct cookie header even if cookie exists
Previously, if the cookie value was passed to the database from the client, then the client would not set the correct cookie option values, effectively causing the cookie to expire.
This commit is contained in:
parent
68f7ce3851
commit
6f02651c4f
1 changed files with 16 additions and 14 deletions
16
web/sess.go
16
web/sess.go
|
@ -26,27 +26,29 @@ import (
|
||||||
|
|
||||||
const cookie = "surreal"
|
const cookie = "surreal"
|
||||||
|
|
||||||
|
func uniq(val *http.Cookie) string {
|
||||||
|
if val != nil && len(val.Value) == 64 {
|
||||||
|
return val.Value
|
||||||
|
}
|
||||||
|
return rand.String(64)
|
||||||
|
}
|
||||||
|
|
||||||
func sess() fibre.MiddlewareFunc {
|
func sess() fibre.MiddlewareFunc {
|
||||||
return func(h fibre.HandlerFunc) fibre.HandlerFunc {
|
return func(h fibre.HandlerFunc) fibre.HandlerFunc {
|
||||||
return func(c *fibre.Context) (err error) {
|
return func(c *fibre.Context) (err error) {
|
||||||
|
|
||||||
val, err := c.Request().Cookie(cookie)
|
val, _ := c.Request().Cookie(cookie)
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
|
|
||||||
crt := len(cnf.Settings.Cert.Crt) != 0
|
crt := len(cnf.Settings.Cert.Crt) != 0
|
||||||
key := len(cnf.Settings.Cert.Key) != 0
|
key := len(cnf.Settings.Cert.Key) != 0
|
||||||
|
|
||||||
val = &http.Cookie{
|
val = &http.Cookie{
|
||||||
Name: cookie,
|
Name: cookie,
|
||||||
Value: rand.String(64),
|
Value: uniq(val),
|
||||||
Secure: (crt && key),
|
Secure: (crt && key),
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
Expires: time.Now().Add(365 * 24 * time.Hour),
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Response().Header().Set("Set-Cookie", val.String())
|
c.Response().Header().Set("Set-Cookie", val.String())
|
||||||
|
|
||||||
c.Set(varKeyCook, val.Value)
|
c.Set(varKeyCook, val.Value)
|
||||||
|
|
Loading…
Reference in a new issue