Ensure correct cookie header even if cookie exists
Previously, if the cookie value was passed to the database from the client, then the client would not set the correct cookie option values, effectively causing the cookie to expire.
This commit is contained in:
Tobie Morgan Hitchcock
parent
68f7ce3851
commit
6f02651c4f
1 changed files with 16 additions and 14 deletions
30
web/sess.go
30
web/sess.go
|
|
@ -26,25 +26,27 @@ import (
|
|||
|
||||
const cookie = "surreal"
|
||||
|
||||
func uniq(val *http.Cookie) string {
|
||||
if val != nil && len(val.Value) == 64 {
|
||||
return val.Value
|
||||
}
|
||||
return rand.String(64)
|
||||
}
|
||||
|
||||
func sess() fibre.MiddlewareFunc {
|
||||
return func(h fibre.HandlerFunc) fibre.HandlerFunc {
|
||||
return func(c *fibre.Context) (err error) {
|
||||
|
||||
val, err := c.Request().Cookie(cookie)
|
||||
|
||||
if err != nil {
|
||||
|
||||
crt := len(cnf.Settings.Cert.Crt) != 0
|
||||
key := len(cnf.Settings.Cert.Key) != 0
|
||||
|
||||
val = &http.Cookie{
|
||||
Name: cookie,
|
||||
Value: rand.String(64),
|
||||
Secure: (crt && key),
|
||||
HttpOnly: true,
|
||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
||||
}
|
||||
val, _ := c.Request().Cookie(cookie)
|
||||
crt := len(cnf.Settings.Cert.Crt) != 0
|
||||
key := len(cnf.Settings.Cert.Key) != 0
|
||||
|
||||
val = &http.Cookie{
|
||||
Name: cookie,
|
||||
Value: uniq(val),
|
||||
Secure: (crt && key),
|
||||
HttpOnly: true,
|
||||
Expires: time.Now().Add(365 * 24 * time.Hour),
|
||||
}
|
||||
|
||||
c.Response().Header().Set("Set-Cookie", val.String())
|
||||
|
|
|
|||
Loading…
Reference in a new issue