change get sessionID logic from cookie

80912b62 · ysqi · 3fdf72f1 · 80912b62 · 80912b62
Commit 80912b62 authored Jan 07, 2016 by ysqi
Show whitespace changes
Inline Side-by-side

Showing with 48 additions and 2 deletions

sess_cookie_test.go session/sess_cookie_test.go +41 -0

session.go session/session.go +7 -2

No files found.
--- a/session/sess_cookie_test.go
+++ b/session/sess_cookie_test.go
@@ -53,3 +53,44 @@ func TestCookie(t *testing.T) {
 		}
 	}
 }
+
+func TestDestorySessionCookie(t *testing.T) {
+	config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
+	globalSessions, err := NewManager("cookie", config)
+	if err != nil {
+		t.Fatal("init cookie session err", err)
+	}
+
+	r, _ := http.NewRequest("GET", "/", nil)
+	w := httptest.NewRecorder()
+	session, err := globalSessions.SessionStart(w, r)
+	if err != nil {
+		t.Fatal("session start err,", err)
+	}
+
+	// request again ,will get same sesssion id .
+	r1, _ := http.NewRequest("GET", "/", nil)
+	r1.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
+	w = httptest.NewRecorder()
+	newSession, err := globalSessions.SessionStart(w, r1)
+	if err != nil {
+		t.Fatal("session start err,", err)
+	}
+	if newSession.SessionID() != session.SessionID() {
+		t.Fatal("get cookie session id is not the same again.")
+	}
+
+	// After destory session , will get a new session id .
+	globalSessions.SessionDestroy(w, r1)
+	r2, _ := http.NewRequest("GET", "/", nil)
+	r2.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
+
+	w = httptest.NewRecorder()
+	newSession, err = globalSessions.SessionStart(w, r2)
+	if err != nil {
+		t.Fatal("session start error")
+	}
+	if newSession.SessionID() == session.SessionID() {
+		t.Fatal("after destory session and reqeust again ,get cookie session id is same.")
+	}
+}
--- a/session/session.go
+++ b/session/session.go
@@ -142,7 +142,7 @@ func NewManager(provideName, config string) (*Manager, error) {
 // otherwise return an valid session id.
 func (manager *Manager) getSid(r *http.Request) (string, error) {
 	cookie, errs := r.Cookie(manager.config.CookieName)
-	if errs != nil || cookie.Value == "" {
+	if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
 		errs := r.ParseForm()
 		if errs != nil {
 			return "", errs
@@ -202,13 +202,16 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	manager.provider.SessionDestroy(cookie.Value)
+	if manager.config.EnableSetCookie {
 		expiration := time.Now()
 		cookie = &http.Cookie{Name: manager.config.CookieName,
 			Path:     "/",
 			HttpOnly: true,
 			Expires:  expiration,
 			MaxAge:   -1}
+
 		http.SetCookie(w, cookie)
+	}
 }

 // GetSessionStore Get SessionStore by its id.
@@ -231,7 +234,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		return
 	}
 	cookie, err := r.Cookie(manager.config.CookieName)
-	if err != nil && cookie.Value == "" {
+	if err != nil || cookie.Value == "" {
 		//delete old cookie
 		session, _ = manager.provider.SessionRead(sid)
 		cookie = &http.Cookie{Name: manager.config.CookieName,
@@ -252,7 +255,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		cookie.MaxAge = manager.config.CookieLifeTime
 		cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
 	}
+	if manager.config.EnableSetCookie {
 		http.SetCookie(w, cookie)
+	}
 	r.AddCookie(cookie)
 	return
 }