diff --git a/session/sess_cookie_test.go b/session/sess_cookie_test.go
index fe3ac806..b5982260 100644
--- a/session/sess_cookie_test.go
+++ b/session/sess_cookie_test.go
@@ -53,3 +53,44 @@ func TestCookie(t *testing.T) {
 }
 }
 }
+
+func TestDestorySessionCookie(t *testing.T) {
+ config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
+ globalSessions, err := NewManager("cookie", config)
+ if err != nil {
+ t.Fatal("init cookie session err", err)
+ }
+
+ r, _ := http.NewRequest("GET", "/", nil)
+ w := httptest.NewRecorder()
+ session, err := globalSessions.SessionStart(w, r)
+ if err != nil {
+ t.Fatal("session start err,", err)
+ }
+
+ // request again ,will get same sesssion id .
+ r1, _ := http.NewRequest("GET", "/", nil)
+ r1.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
+ w = httptest.NewRecorder()
+ newSession, err := globalSessions.SessionStart(w, r1)
+ if err != nil {
+ t.Fatal("session start err,", err)
+ }
+ if newSession.SessionID() != session.SessionID() {
+ t.Fatal("get cookie session id is not the same again.")
+ }
+
+ // After destory session , will get a new session id .
+ globalSessions.SessionDestroy(w, r1)
+ r2, _ := http.NewRequest("GET", "/", nil)
+ r2.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
+
+ w = httptest.NewRecorder()
+ newSession, err = globalSessions.SessionStart(w, r2)
+ if err != nil {
+ t.Fatal("session start error")
+ }
+ if newSession.SessionID() == session.SessionID() {
+ t.Fatal("after destory session and reqeust again ,get cookie session id is same.")
+ }
+}
diff --git a/session/session.go b/session/session.go
index da079180..1a58ab13 100644
--- a/session/session.go
+++ b/session/session.go
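Review bot: `TestDestorySessionCookie` never inspects what `SessionDestroy` wrote to `w`, so it would apparently still pass if no deletion cookie were written at all, since an empty `Cookie` header on `r2` also yields a new session ID. An assertion on the recorded `Set-Cookie` header (empty value and an expiry in the past) would pin the logout behaviour directly. The test also copies the whole `Set-Cookie` line, attributes included, into the request `Cookie` header, which is not what a client sends; building the request cookie from name and value only would be closer to real traffic. The `http.NewRequest` errors are dropped with `_`, and the function name misspells Destroy.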
@@ -142,7 +142,7 @@ func NewManager(provideName, config string) (*Manager, error) {
 // otherwise return an valid session id.
 func (manager *Manager) getSid(r *http.Request) (string, error) {
 cookie, errs := r.Cookie(manager.config.CookieName)
- if errs != nil || cookie.Value == "" {
+ if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
 errs := r.ParseForm()
 if errs != nil {
 return "", errs
@@ -202,13 +202,16 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 return
 }
 manager.provider.SessionDestroy(cookie.Value)
- expiration := time.Now()
- cookie = &http.Cookie{Name: manager.config.CookieName,
- Path: "/",
- HttpOnly: true,
- Expires: expiration,
- MaxAge: -1}
- http.SetCookie(w, cookie)
+ if manager.config.EnableSetCookie {
+ expiration := time.Now()
+ cookie = &http.Cookie{Name: manager.config.CookieName,
+ Path: "/",
+ HttpOnly: true,
+ Expires: expiration,
+ MaxAge: -1}
+
+ http.SetCookie(w, cookie)
+ }
 }

 // GetSessionStore Get SessionStore by its id.
@@ -231,7 +234,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 return
 }
 cookie, err := r.Cookie(manager.config.CookieName)
- if err != nil && cookie.Value == "" {
+ if err != nil || cookie.Value == "" {
 //delete old cookie
 session, _ = manager.provider.SessionRead(sid)
 cookie = &http.Cookie{Name: manager.config.CookieName,
@@ -252,7 +255,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 cookie.MaxAge = manager.config.CookieLifeTime
 cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
 }
- http.SetCookie(w, cookie)
+ if manager.config.EnableSetCookie {
+ http.SetCookie(w, cookie)
+ }
 r.AddCookie(cookie)
 return
 }
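Review bot: The added `cookie.MaxAge < 0` clause in `getSid` cannot be true for a cookie obtained from `r.Cookie`: a request `Cookie` header carries only name=value pairs, and Go's request-side parser leaves `MaxAge` at zero. The clause is therefore dead code and may give the impression that expired cookies are rejected server-side, when expiry is enforced only by the client honouring the deletion cookie. I would drop it, keeping `if errs != nil || cookie.Value == "" {`, or add a comment stating that server-side invalidation depends on `provider.SessionDestroy`. The body of `getSid` continues outside the hunk.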
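Review bot: The deletion cookie built in `SessionDestroy` sets only `Name`, `Path`, `HttpOnly`, `Expires` and `MaxAge`; if the session cookie was issued with a `Domain` attribute (not visible in this hunk), the browser treats this as a different cookie and keeps the original. The expiry cookie should mirror the domain and path of the cookie that was issued. Also, when `EnableSetCookie` is false nothing on the response tells the client to discard its ID, so the doc comment should say so, e.g. `// When EnableSetCookie is false the caller is responsible for removing the session ID from the client.` The function starts above the hunk.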
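Review bot: No test in this commit covers the path through `SessionRegenerateID` where the request has no session cookie, which is the case the `||` condition now handles without touching a nil `cookie`. A regression test that calls it with a bare request would keep the guard from being reverted. Inside that branch `session, _ = manager.provider.SessionRead(sid)` still discards the provider error, and the wider condition makes the branch reachable more often; at least a comment on why the error is ignored would help. The function begins and ends outside the hunk.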
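Review bot: With `EnableSetCookie` false, the regenerated ID at the end of `SessionRegenerateID` is attached only to the incoming request via `r.AddCookie(cookie)`, so no visible path delivers it to the client. A client that keeps presenting the old ID gets none of the fixation protection that regeneration is meant to provide, and `AddCookie` appends rather than replaces, so a later `r.Cookie` lookup may still return the old value if one was present. I would document the contract on the function, e.g. `// If EnableSetCookie is false the caller must send the new session ID to the client itself.` The function starts outside the hunk.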