Merge pull request #1539 from ysqi/develop

change get sessionID logic from cookie

Merge pull request #1539 from ysqi/develop
change get sessionID logic from cookie
ecc6bcba · astaxie · 3fdf72f1 · 80912b62 · ecc6bcba · ecc6bcba
Commit ecc6bcba authored Jan 07, 2016 by astaxie
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 10 deletions

sess_cookie_test.go session/sess_cookie_test.go +41 -0

session.go session/session.go +15 -10

No files found.
--- a/session/sess_cookie_test.go
+++ b/session/sess_cookie_test.go
@@ -53,3 +53,44 @@ func TestCookie(t *testing.T) {
 		}
 	}
 }
+
+func TestDestorySessionCookie(t *testing.T) {
+	config := `{"cookieName":"gosessionid","enableSetCookie":true,"gclifetime":3600,"ProviderConfig":"{\"cookieName\":\"gosessionid\",\"securityKey\":\"beegocookiehashkey\"}"}`
+	globalSessions, err := NewManager("cookie", config)
+	if err != nil {
+		t.Fatal("init cookie session err", err)
+	}
+
+	r, _ := http.NewRequest("GET", "/", nil)
+	w := httptest.NewRecorder()
+	session, err := globalSessions.SessionStart(w, r)
+	if err != nil {
+		t.Fatal("session start err,", err)
+	}
+
+	// request again ,will get same sesssion id .
+	r1, _ := http.NewRequest("GET", "/", nil)
+	r1.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
+	w = httptest.NewRecorder()
+	newSession, err := globalSessions.SessionStart(w, r1)
+	if err != nil {
+		t.Fatal("session start err,", err)
+	}
+	if newSession.SessionID() != session.SessionID() {
+		t.Fatal("get cookie session id is not the same again.")
+	}
+
+	// After destory session , will get a new session id .
+	globalSessions.SessionDestroy(w, r1)
+	r2, _ := http.NewRequest("GET", "/", nil)
+	r2.Header.Set("Cookie", w.Header().Get("Set-Cookie"))
+
+	w = httptest.NewRecorder()
+	newSession, err = globalSessions.SessionStart(w, r2)
+	if err != nil {
+		t.Fatal("session start error")
+	}
+	if newSession.SessionID() == session.SessionID() {
+		t.Fatal("after destory session and reqeust again ,get cookie session id is same.")
+	}
+}
--- a/session/session.go
+++ b/session/session.go
@@ -142,7 +142,7 @@ func NewManager(provideName, config string) (*Manager, error) {
 // otherwise return an valid session id.
 func (manager *Manager) getSid(r *http.Request) (string, error) {
 	cookie, errs := r.Cookie(manager.config.CookieName)
-	if errs != nil || cookie.Value == "" {
+	if errs != nil || cookie.Value == "" || cookie.MaxAge < 0 {
 		errs := r.ParseForm()
 		if errs != nil {
 			return "", errs
@@ -202,13 +202,16 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	manager.provider.SessionDestroy(cookie.Value)
-	expiration := time.Now()
-	cookie = &http.Cookie{Name: manager.config.CookieName,
-		Path:     "/",
-		HttpOnly: true,
-		Expires:  expiration,
-		MaxAge:   -1}
-	http.SetCookie(w, cookie)
+	if manager.config.EnableSetCookie {
+		expiration := time.Now()
+		cookie = &http.Cookie{Name: manager.config.CookieName,
+			Path:     "/",
+			HttpOnly: true,
+			Expires:  expiration,
+			MaxAge:   -1}
+
+		http.SetCookie(w, cookie)
+	}
 }

 // GetSessionStore Get SessionStore by its id.
@@ -231,7 +234,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		return
 	}
 	cookie, err := r.Cookie(manager.config.CookieName)
-	if err != nil && cookie.Value == "" {
+	if err != nil || cookie.Value == "" {
 		//delete old cookie
 		session, _ = manager.provider.SessionRead(sid)
 		cookie = &http.Cookie{Name: manager.config.CookieName,
@@ -252,7 +255,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 		cookie.MaxAge = manager.config.CookieLifeTime
 		cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
 	}
-	http.SetCookie(w, cookie)
+	if manager.config.EnableSetCookie {
+		http.SetCookie(w, cookie)
+	}
 	r.AddCookie(cookie)
 	return
 }