fc6b9ce0
Commit
fc6b9ce0
authored
Nov 04, 2014
by
astaxie
fix #620 simple the sessionID generate
parent
c4d8e4a2
Showing
1 changed file
with
32 additions
and
49 deletions
+32
-49
session.go
session/session.go
+32
-49
session/session.go
...
...
@@ -28,19 +28,13 @@
package
session
import
(
"crypto/hmac"
"crypto/md5"
"crypto/rand"
"crypto/sha1"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"time"
"github.com/astaxie/beego/utils"
)
// SessionStore contains all data for one session process with specific id.
...
...
@@ -86,11 +80,10 @@ type managerConfig struct {
Gclifetime
int64
`json:"gclifetime"`
Maxlifetime
int64
`json:"maxLifetime"`
Secure
bool
`json:"secure"`
SessionIDHashFunc
string
`json:"sessionIDHashFunc"`
SessionIDHashKey
string
`json:"sessionIDHashKey"`
CookieLifeTime
int
`json:"cookieLifeTime"`
ProviderConfig
string
`json:"providerConfig"`
Domain
string
`json:"domain"`
SessionIdLength
int64
`json:"sessionIdLength"`
}
// Manager contains Provider and its configuration.
...
...
@@ -129,11 +122,9 @@ func NewManager(provideName, config string) (*Manager, error) {
if
err
!=
nil
{
return
nil
,
err
}
if
cf
.
SessionIDHashFunc
==
""
{
cf
.
SessionIDHashFunc
=
"sha1"
}
if
cf
.
SessionIDHashKey
==
""
{
cf
.
SessionIDHashKey
=
string
(
generateRandomKey
(
16
))
if
cf
.
SessionIdLength
==
0
{
cf
.
SessionIdLength
=
16
}
return
&
Manager
{
...
...
@@ -144,11 +135,14 @@ func NewManager(provideName, config string) (*Manager, error) {
// Start session. generate or read the session id from http request.
// if session id exists, return SessionStore with this id.
func
(
manager
*
Manager
)
SessionStart
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
)
(
session
SessionStore
)
{
cookie
,
err
:=
r
.
Cookie
(
manager
.
config
.
CookieName
)
if
err
!=
nil
||
cookie
.
Value
==
""
{
sid
:=
manager
.
sessionId
(
r
)
session
,
_
=
manager
.
provider
.
SessionRead
(
sid
)
func
(
manager
*
Manager
)
SessionStart
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
)
(
session
SessionStore
,
err
error
)
{
cookie
,
errs
:=
r
.
Cookie
(
manager
.
config
.
CookieName
)
if
errs
!=
nil
||
cookie
.
Value
==
""
{
sid
,
errs
:=
manager
.
sessionId
(
r
)
if
errs
!=
nil
{
return
nil
,
errs
}
session
,
err
=
manager
.
provider
.
SessionRead
(
sid
)
cookie
=
&
http
.
Cookie
{
Name
:
manager
.
config
.
CookieName
,
Value
:
url
.
QueryEscape
(
sid
),
Path
:
"/"
,
...
...
@@ -163,12 +157,18 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
}
r
.
AddCookie
(
cookie
)
}
else
{
sid
,
_
:=
url
.
QueryUnescape
(
cookie
.
Value
)
sid
,
errs
:=
url
.
QueryUnescape
(
cookie
.
Value
)
if
errs
!=
nil
{
return
nil
,
errs
}
if
manager
.
provider
.
SessionExist
(
sid
)
{
session
,
_
=
manager
.
provider
.
SessionRead
(
sid
)
session
,
err
=
manager
.
provider
.
SessionRead
(
sid
)
}
else
{
sid
=
manager
.
sessionId
(
r
)
session
,
_
=
manager
.
provider
.
SessionRead
(
sid
)
sid
,
err
=
manager
.
sessionId
(
r
)
if
err
!=
nil
{
return
nil
,
err
}
session
,
err
=
manager
.
provider
.
SessionRead
(
sid
)
cookie
=
&
http
.
Cookie
{
Name
:
manager
.
config
.
CookieName
,
Value
:
url
.
QueryEscape
(
sid
),
Path
:
"/"
,
...
...
@@ -219,7 +219,10 @@ func (manager *Manager) GC() {
// Regenerate a session id for this SessionStore who's id is saving in http request.
func
(
manager
*
Manager
)
SessionRegenerateId
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
)
(
session
SessionStore
)
{
sid
:=
manager
.
sessionId
(
r
)
sid
,
err
:=
manager
.
sessionId
(
r
)
if
err
!=
nil
{
return
}
cookie
,
err
:=
r
.
Cookie
(
manager
.
config
.
CookieName
)
if
err
!=
nil
&&
cookie
.
Value
==
""
{
//delete old cookie
...
...
@@ -251,36 +254,16 @@ func (manager *Manager) GetActiveSession() int {
return
manager
.
provider
.
SessionAll
()
}
// Set hash function for generating session id.
func
(
manager
*
Manager
)
SetHashFunc
(
hasfunc
,
hashkey
string
)
{
manager
.
config
.
SessionIDHashFunc
=
hasfunc
manager
.
config
.
SessionIDHashKey
=
hashkey
}
// Set cookie with https.
func
(
manager
*
Manager
)
SetSecure
(
secure
bool
)
{
manager
.
config
.
Secure
=
secure
}
// generate session id with rand string, unix nano time, remote addr by hash function.
func
(
manager
*
Manager
)
sessionId
(
r
*
http
.
Request
)
(
sid
string
)
{
bs
:=
make
([]
byte
,
32
)
if
n
,
err
:=
io
.
ReadFull
(
rand
.
Reader
,
bs
);
n
!=
32
||
err
!=
nil
{
bs
=
utils
.
RandomCreateBytes
(
32
)
func
(
manager
*
Manager
)
sessionId
(
r
*
http
.
Request
)
(
string
,
error
)
{
b
:=
make
([]
byte
,
manager
.
config
.
SessionIdLength
)
n
,
err
:=
rand
.
Read
(
b
)
if
n
!=
len
(
b
)
||
err
!=
nil
{
return
""
,
fmt
.
Errorf
(
"Could not successfully read from the system CSPRNG."
)
}
sig
:=
fmt
.
Sprintf
(
"%s%d%s"
,
r
.
RemoteAddr
,
time
.
Now
()
.
UnixNano
(),
bs
)
if
manager
.
config
.
SessionIDHashFunc
==
"md5"
{
h
:=
md5
.
New
()
h
.
Write
([]
byte
(
sig
))
sid
=
hex
.
EncodeToString
(
h
.
Sum
(
nil
))
}
else
if
manager
.
config
.
SessionIDHashFunc
==
"sha1"
{
h
:=
hmac
.
New
(
sha1
.
New
,
[]
byte
(
manager
.
config
.
SessionIDHashKey
))
fmt
.
Fprintf
(
h
,
"%s"
,
sig
)
sid
=
hex
.
EncodeToString
(
h
.
Sum
(
nil
))
}
else
{
h
:=
hmac
.
New
(
sha1
.
New
,
[]
byte
(
manager
.
config
.
SessionIDHashKey
))
fmt
.
Fprintf
(
h
,
"%s"
,
sig
)
sid
=
hex
.
EncodeToString
(
h
.
Sum
(
nil
))
}
return
return
hex
.
EncodeToString
(
b
),
nil
}
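Review bot: `SessionIdLength` is only defaulted in `NewManager` when it is exactly 0, so a configured value such as 2 yields a 16-bit session id, and a negative value makes `make([]byte, manager.config.SessionIdLength)` in `sessionId` panic on the request path. The random bytes are now the only thing that makes the id unguessable, so I would replace the zero check with a floor, e.g. `if cf.SessionIdLength < 16 { cf.SessionIdLength = 16 }`, and document the field as a byte count (the hex-encoded id is twice as long). Separately, `SessionRegenerateId` does a bare `return` when `sessionId` fails, so callers receive a nil `SessionStore` with no error to check; its signature should return the error the way `SessionStart` now does. `NewManager`, `SessionStart` and `SessionRegenerateId` all continue outside the visible hunks, so callers and the remaining return paths could not be checked here.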