mirror of
https://github.com/astaxie/beego.git
synced 2024-11-23 21:00:54 +00:00
Merge pull request #4226 from vinicio/feature/same-site
session: adds CookieSameSite to ManagerConfig
This commit is contained in:
commit
b8c1e133bf
@ -15,13 +15,14 @@
|
||||
package beego
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"runtime"
|
||||
"strings"
|
||||
"crypto/tls"
|
||||
|
||||
"github.com/astaxie/beego/config"
|
||||
"github.com/astaxie/beego/context"
|
||||
@ -108,6 +109,7 @@ type SessionConfig struct {
|
||||
SessionEnableSidInHTTPHeader bool // enable store/get the sessionId into/from http headers
|
||||
SessionNameInHTTPHeader string
|
||||
SessionEnableSidInURLQuery bool // enable get the sessionId from Url Query params
|
||||
SessionCookieSameSite http.SameSite
|
||||
}
|
||||
|
||||
// LogConfig holds Log related config
|
||||
@ -267,6 +269,7 @@ func newBConfig() *Config {
|
||||
SessionEnableSidInHTTPHeader: false, // enable store/get the sessionId into/from http headers
|
||||
SessionNameInHTTPHeader: "Beegosessionid",
|
||||
SessionEnableSidInURLQuery: false, // enable get the sessionId from Url Query params
|
||||
SessionCookieSameSite: http.SameSiteDefaultMode,
|
||||
},
|
||||
},
|
||||
Log: LogConfig{
|
||||
|
1
hooks.go
1
hooks.go
@ -61,6 +61,7 @@ func registerSession() error {
|
||||
conf.EnableSidInHTTPHeader = BConfig.WebConfig.Session.SessionEnableSidInHTTPHeader
|
||||
conf.SessionNameInHTTPHeader = BConfig.WebConfig.Session.SessionNameInHTTPHeader
|
||||
conf.EnableSidInURLQuery = BConfig.WebConfig.Session.SessionEnableSidInURLQuery
|
||||
conf.CookieSameSite = BConfig.WebConfig.Session.SessionCookieSameSite
|
||||
} else {
|
||||
if err = json.Unmarshal([]byte(sessionConfig), conf); err != nil {
|
||||
return err
|
||||
|
@ -106,6 +106,7 @@ type ManagerConfig struct {
|
||||
SessionNameInHTTPHeader string `json:"SessionNameInHTTPHeader"`
|
||||
EnableSidInURLQuery bool `json:"EnableSidInURLQuery"`
|
||||
SessionIDPrefix string `json:"sessionIDPrefix"`
|
||||
CookieSameSite http.SameSite `json:"cookieSameSite"`
|
||||
}
|
||||
|
||||
// Manager contains Provider and its configuration.
|
||||
@ -232,6 +233,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
|
||||
HttpOnly: !manager.config.DisableHTTPOnly,
|
||||
Secure: manager.isSecure(r),
|
||||
Domain: manager.config.Domain,
|
||||
SameSite: manager.config.CookieSameSite,
|
||||
}
|
||||
if manager.config.CookieLifeTime > 0 {
|
||||
cookie.MaxAge = manager.config.CookieLifeTime
|
||||
@ -271,7 +273,9 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
|
||||
HttpOnly: !manager.config.DisableHTTPOnly,
|
||||
Expires: expiration,
|
||||
MaxAge: -1,
|
||||
Domain: manager.config.Domain}
|
||||
Domain: manager.config.Domain,
|
||||
SameSite: manager.config.CookieSameSite,
|
||||
}
|
||||
|
||||
http.SetCookie(w, cookie)
|
||||
}
|
||||
@ -306,6 +310,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
|
||||
HttpOnly: !manager.config.DisableHTTPOnly,
|
||||
Secure: manager.isSecure(r),
|
||||
Domain: manager.config.Domain,
|
||||
SameSite: manager.config.CookieSameSite,
|
||||
}
|
||||
} else {
|
||||
oldsid, _ := url.QueryUnescape(cookie.Value)
|
||||
|
Loading…
Reference in New Issue
Block a user