1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-23 03:20:55 +00:00

Merge pull request #1539 from ysqi/develop

change get sessionID logic from cookie
This commit is contained in:
astaxie 2016-01-07 13:49:33 +08:00
commit ecc6bcba3f
2 changed files with 56 additions and 10 deletions

View File

@ -53,3 +53,44 @@ func TestCookie(t *testing.T) {
} }
} }
} }
func TestDestorySessionCookie(t *testing.T) {
config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
globalSessions, err := NewManager("cookie", config)
if err != nil {
t.Fatal("init cookie session err", err)
}
r, _ := http.NewRequest("GET", "/", nil)
w := httptest.NewRecorder()
session, err := globalSessions.SessionStart(w, r)
if err != nil {
t.Fatal("session start err,", err)
}
// request again ,will get same sesssion id .
r1, _ := http.NewRequest("GET", "/", nil)
r1.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
w = httptest.NewRecorder()
newSession, err := globalSessions.SessionStart(w, r1)
if err != nil {
t.Fatal("session start err,", err)
}
if newSession.SessionID() != session.SessionID() {
t.Fatal("get cookie session id is not the same again.")
}
// After destory session , will get a new session id .
globalSessions.SessionDestroy(w, r1)
r2, _ := http.NewRequest("GET", "/", nil)
r2.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
w = httptest.NewRecorder()
newSession, err = globalSessions.SessionStart(w, r2)
if err != nil {
t.Fatal("session start error")
}
if newSession.SessionID() == session.SessionID() {
t.Fatal("after destory session and reqeust again ,get cookie session id is same.")
}
}

View File

@ -142,7 +142,7 @@ func NewManager(provideName, config string) (*Manager, error) {
// otherwise return an valid session id. // otherwise return an valid session id.
func (manager *Manager) getSid(r *http.Request) (string, error) { func (manager *Manager) getSid(r *http.Request) (string, error) {
cookie, errs := r.Cookie(manager.config.CookieName) cookie, errs := r.Cookie(manager.config.CookieName)
if errs != nil || cookie.Value == "" { if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
errs := r.ParseForm() errs := r.ParseForm()
if errs != nil { if errs != nil {
return "", errs return "", errs
@ -202,13 +202,16 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
return return
} }
manager.provider.SessionDestroy(cookie.Value) manager.provider.SessionDestroy(cookie.Value)
if manager.config.EnableSetCookie {
expiration := time.Now() expiration := time.Now()
cookie = &http.Cookie{Name: manager.config.CookieName, cookie = &http.Cookie{Name: manager.config.CookieName,
Path: "/", Path: "/",
HttpOnly: true, HttpOnly: true,
Expires: expiration, Expires: expiration,
MaxAge: -1} MaxAge: -1}
http.SetCookie(w, cookie) http.SetCookie(w, cookie)
}
} }
// GetSessionStore Get SessionStore by its id. // GetSessionStore Get SessionStore by its id.
@ -231,7 +234,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
return return
} }
cookie, err := r.Cookie(manager.config.CookieName) cookie, err := r.Cookie(manager.config.CookieName)
if err != nil && cookie.Value == "" { if err != nil || cookie.Value == "" {
//delete old cookie //delete old cookie
session, _ = manager.provider.SessionRead(sid) session, _ = manager.provider.SessionRead(sid)
cookie = &http.Cookie{Name: manager.config.CookieName, cookie = &http.Cookie{Name: manager.config.CookieName,
@ -252,7 +255,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
cookie.MaxAge = manager.config.CookieLifeTime cookie.MaxAge = manager.config.CookieLifeTime
cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second) cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
} }
if manager.config.EnableSetCookie {
http.SetCookie(w, cookie) http.SetCookie(w, cookie)
}
r.AddCookie(cookie) r.AddCookie(cookie)
return return
} }