Open
Description
Say I have these two functions for my framework where I need to respawn the session if someone already has session values but chose Remember Me at login. I'm trying to respawn a new session with the old attributes and a new, longer, expiration time:
// New generates a new session for the context. If a session
// already exists it will be discarded.
func New(c context.Context, options *session.SessOptions) {
Delete(c)
session.Add(session.NewSessionOptions(options), c.ResponseWriter())
}
// Delete the session.
func Delete(c context.Context) {
if sess := session.Get(c.Request()); nil != sess {
session.Remove(sess, c.ResponseWriter())
}
}Even tho I expect a delete and an add, the session-logger tells me one is deleted but two times shows me added. When I dump the internal sessions it still has the old (deleted) session too with it's old variables.
The following code is used in my login page (sessiondb is simply a small layer to automatise session existences checks):
if form.IsValid() {
// If already had a session; need to migrate for remember me new session timeout
var attrs map[string]interface{}
if sessiondb.Exists(c) {
attrs = sessiondb.GetAll(c)
}
var expiration time.Duration
if "1" == form.Field("rememberMe").Value {
expiration = time.Second * time.Duration(globals.RememberMeExpiration)
} else {
expiration = time.Second * time.Duration(globals.CookieExpiration)
}
sessiondb.New(c, &session.SessOptions{
Timeout: expiration,
Attrs: attrs,
})
sessiondb.Set(c, "UserID", id)
if referer := sessiondb.Get(c, "LoginReferer"); nil != referer {
sessiondb.Unset(c, "LoginReferer")
c.Redirect(referer.(string))
} else {
c.Redirect("/")
}
return
}In the above case;
- the old session still exists with only
LoginReferer - the new session exists with
UserIDandLoginReferer, which of course is consumed again right away if it was set to jump back to where to user was before being bounced to the login page (e.a. authorised environment)
Metadata
Metadata
Assignees
Labels
No labels