1
0
mirror of https://github.com/astaxie/beego.git synced 2024-12-23 07:10:49 +00:00

Merge pull request #1539 from ysqi/develop

change get sessionID logic from cookie
This commit is contained in:
astaxie 2016-01-07 13:49:33 +08:00
commit ecc6bcba3f
2 changed files with 56 additions and 10 deletions

View File

@ -53,3 +53,44 @@ func TestCookie(t *testing.T) {
}
}
}
func TestDestorySessionCookie(t *testing.T) {
config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
globalSessions, err := NewManager("cookie", config)
if err != nil {
t.Fatal("init cookie session err", err)
}
r, _ := http.NewRequest("GET", "/", nil)
w := httptest.NewRecorder()
session, err := globalSessions.SessionStart(w, r)
if err != nil {
t.Fatal("session start err,", err)
}
// request again ,will get same sesssion id .
r1, _ := http.NewRequest("GET", "/", nil)
r1.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
w = httptest.NewRecorder()
newSession, err := globalSessions.SessionStart(w, r1)
if err != nil {
t.Fatal("session start err,", err)
}
if newSession.SessionID() != session.SessionID() {
t.Fatal("get cookie session id is not the same again.")
}
// After destory session , will get a new session id .
globalSessions.SessionDestroy(w, r1)
r2, _ := http.NewRequest("GET", "/", nil)
r2.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
w = httptest.NewRecorder()
newSession, err = globalSessions.SessionStart(w, r2)
if err != nil {
t.Fatal("session start error")
}
if newSession.SessionID() == session.SessionID() {
t.Fatal("after destory session and reqeust again ,get cookie session id is same.")
}
}

View File

@ -142,7 +142,7 @@ func NewManager(provideName, config string) (*Manager, error) {
// otherwise return an valid session id.
func (manager *Manager) getSid(r *http.Request) (string, error) {
cookie, errs := r.Cookie(manager.config.CookieName)
if errs != nil || cookie.Value == "" {
if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
errs := r.ParseForm()
if errs != nil {
return "", errs
@ -202,13 +202,16 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
return
}
manager.provider.SessionDestroy(cookie.Value)
expiration := time.Now()
cookie = &http.Cookie{Name: manager.config.CookieName,
Path: "/",
HttpOnly: true,
Expires: expiration,
MaxAge: -1}
http.SetCookie(w, cookie)
if manager.config.EnableSetCookie {
expiration := time.Now()
cookie = &http.Cookie{Name: manager.config.CookieName,
Path: "/",
HttpOnly: true,
Expires: expiration,
MaxAge: -1}
http.SetCookie(w, cookie)
}
}
// GetSessionStore Get SessionStore by its id.
@ -231,7 +234,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
return
}
cookie, err := r.Cookie(manager.config.CookieName)
if err != nil && cookie.Value == "" {
if err != nil || cookie.Value == "" {
//delete old cookie
session, _ = manager.provider.SessionRead(sid)
cookie = &http.Cookie{Name: manager.config.CookieName,
@ -252,7 +255,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
cookie.MaxAge = manager.config.CookieLifeTime
cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
}
http.SetCookie(w, cookie)
if manager.config.EnableSetCookie {
http.SetCookie(w, cookie)
}
r.AddCookie(cookie)
return
}