Merge pull request #1897 from yuyongsheng/develop

add/get session id into/from http header, check the session name in http header

Merge pull request #1897 from yuyongsheng/develop
add/get session id into/from http header, check the session name in http header
e89f5623 · astaxie · 70f3f6b8 · 5aa085bf · e89f5623 · e89f5623
Commit e89f5623 authored Apr 21, 2016 by astaxie
Show whitespace changes
Inline Side-by-side

Showing with 60 additions and 1 deletion

config.go config.go +6 -0

hooks.go hooks.go +3 -0

session.go session/session.go +51 -1

No files found.
--- a/config.go
+++ b/config.go
@@ -91,6 +91,9 @@ type SessionConfig struct {
 	SessionCookieLifeTime   int
 	SessionAutoSetCookie    bool
 	SessionDomain           string
+	EnableSidInHttpHeader   bool //	enable store/get the sessionId into/from http headers
+	SessionNameInHttpHeader string
+	EnableSidInUrlQuery     bool //	enable get the sessionId from Url Query params
 }

 // LogConfig holds Log related config
@@ -191,6 +194,9 @@ func newBConfig() *Config {
 				SessionCookieLifeTime:   0, //set cookie default is the browser life
 				SessionAutoSetCookie:    true,
 				SessionDomain:           "",
+				EnableSidInHttpHeader:   false, //	enable store/get the sessionId into/from http headers
+				SessionNameInHttpHeader: "Beegosessionid",
+				EnableSidInUrlQuery:     false, //	enable get the sessionId from Url Query params
 			},
 		},
 		Log: LogConfig{

--- a/hooks.go
+++ b/hooks.go
@@ -54,6 +54,9 @@ func registerSession() error {
 				"enableSetCookie":         BConfig.WebConfig.Session.SessionAutoSetCookie,
 				"domain":                  BConfig.WebConfig.Session.SessionDomain,
 				"cookieLifeTime":          BConfig.WebConfig.Session.SessionCookieLifeTime,
+				"enableSidInHttpHeader":   BConfig.WebConfig.Session.EnableSidInHttpHeader,
+				"sessionNameInHttpHeader": BConfig.WebConfig.Session.SessionNameInHttpHeader,
+				"enableSidInUrlQuery":     BConfig.WebConfig.Session.EnableSidInUrlQuery,
 			}
 			confBytes, err := json.Marshal(conf)
 			if err != nil {

--- a/session/session.go
+++ b/session/session.go
@@ -31,10 +31,12 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
+	"net/textproto"
 	"net/url"
 	"os"
 	"time"
@@ -90,6 +92,9 @@ type managerConfig struct {
 	ProviderConfig          string `json:"providerConfig"`
 	Domain                  string `json:"domain"`
 	SessionIDLength         int64  `json:"sessionIDLength"`
+	EnableSidInHttpHeader   bool   `json:"enableSidInHttpHeader"`
+	SessionNameInHttpHeader string `json:"sessionNameInHttpHeader"`
+	EnableSidInUrlQuery     bool   `json:"enableSidInUrlQuery"`
 }

 // Manager contains Provider and its configuration.
@@ -124,6 +129,23 @@ func NewManager(provideName, config string) (*Manager, error) {
 	if cf.Maxlifetime == 0 {
 		cf.Maxlifetime = cf.Gclifetime
 	}
+
+	if cf.EnableSidInHttpHeader {
+		if cf.SessionNameInHttpHeader == "" {
+			err = errors.New("SessionNameInHttpHeader is empty")
+			panic(err)
+			return nil, err
+		}
+
+		strMimeHeader := textproto.CanonicalMIMEHeaderKey(cf.SessionNameInHttpHeader)
+		if cf.SessionNameInHttpHeader != strMimeHeader {
+			strErrMsg := "SessionNameInHttpHeader (" + cf.SessionNameInHttpHeader + ") has the wrong format, it should be like this : " + strMimeHeader
+			err = errors.New(strErrMsg)
+			panic(err)
+			return nil, err
+		}
+	}
+
 	err = provider.SessionInit(cf.Maxlifetime, cf.ProviderConfig)
 	if err != nil {
 		return nil, err
@@ -149,12 +171,24 @@ func NewManager(provideName, config string) (*Manager, error) {
 func (manager *Manager) getSid(r *http.Request) (string, error) {
 	cookie, errs := r.Cookie(manager.config.CookieName)
 	if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
+		var sid string
+		if manager.config.EnableSidInUrlQuery {
 			errs := r.ParseForm()
 			if errs != nil {
 				return "", errs
 			}

-		sid := r.FormValue(manager.config.CookieName)
+			sid = r.FormValue(manager.config.CookieName)
+		}
+
+		// if not found in Cookie / param, then read it from request headers
+		if manager.config.EnableSidInHttpHeader && sid == "" {
+			sids, isFound := r.Header[manager.config.SessionNameInHttpHeader]
+			if isFound && len(sids) != 0 {
+				return sids[0], nil
+			}
+		}
+
 		return sid, nil
 	}

@@ -198,11 +232,21 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 	}
 	r.AddCookie(cookie)

+	if manager.config.EnableSidInHttpHeader {
+		r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
+		w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
+	}
+
 	return
 }

 // SessionDestroy Destroy session by its id in http request cookie.
 func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
+	if manager.config.EnableSidInHttpHeader {
+		r.Header.Del(manager.config.SessionNameInHttpHeader)
+		w.Header().Del(manager.config.SessionNameInHttpHeader)
+	}
+
 	cookie, err := r.Cookie(manager.config.CookieName)
 	if err != nil || cookie.Value == "" {
 		return
@@ -267,6 +311,12 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		http.SetCookie(w, cookie)
 	}
 	r.AddCookie(cookie)
+
+	if manager.config.EnableSidInHttpHeader {
+		r.Header.Set(manager.config.SessionNameInHttpHeader, sid)
+		w.Header().Set(manager.config.SessionNameInHttpHeader, sid)
+	}
+
 	return
 }