change get sessionID logic from cookie

2024-06-02 05:23:28 +00:00 · 2016-01-07 13:15:40 +08:00 · 2016-01-07 13:15:40 +08:00 · 80912b6210
commit 80912b6210
parent 3fdf72f14c
2 changed files with 56 additions and 10 deletions
--- a/session/sess_cookie_test.go
+++ b/session/sess_cookie_test.go
@ -53,3 +53,44 @@ func TestCookie(t *testing.T) {
 		}
 	}
 }
 func TestDestorySessionCookie(t *testing.T) {
 	config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
 	globalSessions, err := NewManager("cookie", config)
 	if err != nil {
 		t.Fatal("init cookie session err", err)
 	}
 	r, _ := http.NewRequest("GET", "/", nil)
 	w := httptest.NewRecorder()
 	session, err := globalSessions.SessionStart(w, r)
 	if err != nil {
 		t.Fatal("session start err,", err)
 	}
 	// request again ,will get same sesssion id .
 	r1, _ := http.NewRequest("GET", "/", nil)
 	r1.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
 	w = httptest.NewRecorder()
 	newSession, err := globalSessions.SessionStart(w, r1)
 	if err != nil {
 		t.Fatal("session start err,", err)
 	}
 	if newSession.SessionID() != session.SessionID() {
 		t.Fatal("get cookie session id is not the same again.")
 	}
 	// After destory session , will get a new session id .
 	globalSessions.SessionDestroy(w, r1)
 	r2, _ := http.NewRequest("GET", "/", nil)
 	r2.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
 	w = httptest.NewRecorder()
 	newSession, err = globalSessions.SessionStart(w, r2)
 	if err != nil {
 		t.Fatal("session start error")
 	}
 	if newSession.SessionID() == session.SessionID() {
 		t.Fatal("after destory session and reqeust again ,get cookie session id is same.")
 	}
 }
--- a/session/session.go
+++ b/session/session.go
@ -142,7 +142,7 @@ func NewManager(provideName, config string) (*Manager, error) {
 // otherwise return an valid session id.
 func (manager *Manager) getSid(r *http.Request) (string, error) {
 	cookie, errs := r.Cookie(manager.config.CookieName)
-	if errs != nil || cookie.Value == "" {
+	if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
 		errs := r.ParseForm()
 		if errs != nil {
 			return "", errs
@ -202,13 +202,16 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	manager.provider.SessionDestroy(cookie.Value)
-	expiration := time.Now()
+	if manager.config.EnableSetCookie {
-	cookie = &http.Cookie{Name: manager.config.CookieName,
+		expiration := time.Now()
-		Path:     "/",
+		cookie = &http.Cookie{Name: manager.config.CookieName,
-		HttpOnly: true,
+			Path:     "/",
-		Expires:  expiration,
+			HttpOnly: true,
-		MaxAge:   -1}
+			Expires:  expiration,
-	http.SetCookie(w, cookie)
+			MaxAge:   -1}
 		http.SetCookie(w, cookie)
 	}
 }
 // GetSessionStore Get SessionStore by its id.
@ -231,7 +234,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		return
 	}
 	cookie, err := r.Cookie(manager.config.CookieName)
-	if err != nil && cookie.Value == "" {
+	if err != nil || cookie.Value == "" {
 		//delete old cookie
 		session, _ = manager.provider.SessionRead(sid)
 		cookie = &http.Cookie{Name: manager.config.CookieName,
@ -252,7 +255,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		cookie.MaxAge = manager.config.CookieLifeTime
 		cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
 	}
-	http.SetCookie(w, cookie)
+	if manager.config.EnableSetCookie {
 		http.SetCookie(w, cookie)
 	}
 	r.AddCookie(cookie)
 	return
 }