1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-22 18:10:54 +00:00

Merge pull request #1897 from yuyongsheng/develop

add/get session id into/from http header, check the session name in http header
This commit is contained in:
astaxie 2016-04-21 13:04:28 +08:00
commit e89f562396
3 changed files with 95 additions and 36 deletions

View File

@ -91,6 +91,9 @@ type SessionConfig struct {
SessionCookieLifeTime int
SessionAutoSetCookie bool
SessionDomain string
EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
SessionNameInHttpHeader string
EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
}
// LogConfig holds Log related config
@ -191,6 +194,9 @@ func newBConfig() *Config {
SessionCookieLifeTime: 0, //set cookie default is the browser life
SessionAutoSetCookie: true,
SessionDomain: "",
EnableSidInHttpHeader: false, // enable store/get the sessionId into/from http headers
SessionNameInHttpHeader: "Beegosessionid",
EnableSidInUrlQuery: false, // enable get the sessionId from Url Query params
},
},
Log: LogConfig{

View File

@ -54,6 +54,9 @@ func registerSession() error {
"enableSetCookie": BConfig.WebConfig.Session.SessionAutoSetCookie,
"domain": BConfig.WebConfig.Session.SessionDomain,
"cookieLifeTime": BConfig.WebConfig.Session.SessionCookieLifeTime,
"enableSidInHttpHeader": BConfig.WebConfig.Session.EnableSidInHttpHeader,
"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
"enableSidInUrlQuery": BConfig.WebConfig.Session.EnableSidInUrlQuery,
}
confBytes, err := json.Marshal(conf)
if err != nil {

View File

@ -31,10 +31,12 @@ import (
"crypto/rand"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"io"
"log"
"net/http"
"net/textproto"
"net/url"
"os"
"time"
@ -90,6 +92,9 @@ type managerConfig struct {
ProviderConfig string `json:"providerConfig"`
Domain string `json:"domain"`
SessionIDLength int64 `json:"sessionIDLength"`
EnableSidInHttpHeader bool `json:"enableSidInHttpHeader"`
SessionNameInHttpHeader string `json:"sessionNameInHttpHeader"`
EnableSidInUrlQuery bool `json:"enableSidInUrlQuery"`
}
// Manager contains Provider and its configuration.
@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) {
if cf.Maxlifetime == 0 {
cf.Maxlifetime = cf.Gclifetime
}
if cf.EnableSidInHttpHeader {
if cf.SessionNameInHttpHeader == "" {
err = errors.New("SessionNameInHttpHeader is empty")
panic(err)
return nil, err
}
strMimeHeader := textproto.CanonicalMIMEHeaderKey(cf.SessionNameInHttpHeader)
if cf.SessionNameInHttpHeader != strMimeHeader {
strErrMsg := "SessionNameInHttpHeader (" + cf.SessionNameInHttpHeader + ") has the wrong format, it should be like this : " + strMimeHeader
err = errors.New(strErrMsg)
panic(err)
return nil, err
}
}
err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
if err != nil {
return nil, err
@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) {
func (manager *Manager) getSid(r *http.Request) (string, error) {
cookie, errs := r.Cookie(manager.config.CookieName)
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
var sid string
if manager.config.EnableSidInUrlQuery {
errs := r.ParseForm()
if errs != nil {
return "", errs
}
sid := r.FormValue(manager.config.CookieName)
sid = r.FormValue(manager.config.CookieName)
}
// if not found in Cookie / param, then read it from request headers
if manager.config.EnableSidInHttpHeader && sid == "" {
sids, isFound := r.Header[manager.config.SessionNameInHttpHeader]
if isFound && len(sids) != 0 {
return sids[0], nil
}
}
return sid, nil
}
@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
}
r.AddCookie(cookie)
if manager.config.EnableSidInHttpHeader {
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
}
return
}
// SessionDestroy Destroy session by its id in http request cookie.
func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
if manager.config.EnableSidInHttpHeader {
r.Header.Del(manager.config.SessionNameInHttpHeader)
w.Header().Del(manager.config.SessionNameInHttpHeader)
}
cookie, err := r.Cookie(manager.config.CookieName)
if err != nil || cookie.Value == "" {
return
@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
http.SetCookie(w, cookie)
}
r.AddCookie(cookie)
if manager.config.EnableSidInHttpHeader {
r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
}
return
}