session: #620 make the session never read empty

d2eece9a · astaxie · c3a23b28 · d2eece9a · d2eece9a
Commit d2eece9a authored May 27, 2014 by astaxie
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

sess_utils.go session/sess_utils.go +4 -2

session.go session/session.go +5 -3

No files found.
--- a/session/sess_utils.go
+++ b/session/sess_utils.go
@@ -20,6 +20,8 @@ import (
 	"io"
 	"strconv"
 	"time"
+	"github.com/astaxie/beego/utils"
 )
 func init() {
@@ -60,8 +62,8 @@ func DecodeGob(encoded []byte) (map[interface{}]interface{}, error) {
 // generateRandomKey creates a random key with the given strength.
 func generateRandomKey(strength int) []byte {
 	k := make([]byte, strength)
-	if _, err := io.ReadFull(rand.Reader, k); err != nil {
+	if n, err := io.ReadFull(rand.Reader, k); n != strength || err != nil {
-		return nil
+		return utils.RandomCreateBytes(strength)
 	}
 	return k
 }

--- a/session/session.go
+++ b/session/session.go
@@ -18,6 +18,8 @@ import (
 	"net/http"
 	"net/url"
 	"time"
+	"github.com/astaxie/beego/utils"
 )
 // SessionStore contains all data for one session process with specific id.
@@ -237,9 +239,9 @@ func (manager *Manager) SetSecure(secure bool) {
 // generate session id with rand string, unix nano time, remote addr by hash function.
 func (manager *Manager) sessionId(r *http.Request) (sid string) {
-	bs := make([]byte, 24)
+	bs := make([]byte, 32)
-	if _, err := io.ReadFull(rand.Reader, bs); err != nil {
+	if n, err := io.ReadFull(rand.Reader, bs); n != 32 || err != nil {
-		return ""
+		bs = utils.RandomCreateBytes(32)
 	}
 	sig := fmt.Sprintf("%s%d%s", r.RemoteAddr, time.Now().UnixNano(), bs)
 	if manager.config.SessionIDHashFunc == "md5" {