go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-01-23 18:51:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix when destroy session can't remove cookie in subdomain

Browse Source 
Former-commit-id: 6ad05d62e03233c61a54f11c36867041ecba3f4d
This commit is contained in:
Chengyumeng 2018-04-04 15:25:00 +08:00
parent 989cb3f045
commit 8f32e991e8
2 changed files with 41 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
sessions/cookie.go
View File

@ -41,20 +41,52 @@ func AddCookie(ctx context.Context, cookie *http.Cookie, reclaim bool) {
// RemoveCookie deletes a cookie by it's name/key // RemoveCookie deletes a cookie by it's name/key
// If "purge" is true then it removes the, temp, cookie from the request as well. // If "purge" is true then it removes the, temp, cookie from the request as well.
func RemoveCookie(ctx context.Context, name string, purge bool) { func RemoveCookie(ctx context.Context, config Config) {
c, err := ctx.Request().Cookie(name) cookie, err := ctx.Request().Cookie(config.Cookie)
if err != nil { if err != nil {
return return
} }
c.Expires = CookieExpireDelete cookie.Expires = CookieExpireDelete
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0' // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
c.MaxAge = -1 cookie.MaxAge = -1
c.Value = "" cookie.Value = ""
c.Path = "/" cookie.Path = "/"
AddCookie(ctx, c, purge)
if purge { if !config.DisableSubdomainPersistence {
requestDomain := ctx.Host()
if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
requestDomain = requestDomain[0:portIdx]
}
if IsValidCookieDomain(requestDomain) {
// RFC2109, we allow level 1 subdomains, but no further
// if we have localhost.com , we want the localhost.cos.
// so if we have something like: mysubdomain.localhost.com we want the localhost here
// if we have mysubsubdomain.mysubdomain.localhost.com we want the .mysubdomain.localhost.com here
// slow things here, especially the 'replace' but this is a good and understable( I hope) way to get the be able to set cookies from subdomains & domain with 1-level limit
if dotIdx := strings.LastIndexByte(requestDomain, '.'); dotIdx > 0 {
// is mysubdomain.localhost.com || mysubsubdomain.mysubdomain.localhost.com
s := requestDomain[0:dotIdx] // set mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
if secondDotIdx := strings.LastIndexByte(s, '.'); secondDotIdx > 0 {
//is mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
s = s[secondDotIdx+1:] // set to localhost || mysubdomain.localhost
}
// replace the s with the requestDomain before the domain's siffux
subdomainSuff := strings.LastIndexByte(requestDomain, '.')
if subdomainSuff > len(s) { // if it is actual exists as subdomain suffix
requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com
}
}
// finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
cookie.Domain = "." + requestDomain // . to allow persistence
}
}
AddCookie(ctx, cookie, config.AllowReclaim)
if config.AllowReclaim {
// delete request's cookie also, which is temporary available. // delete request's cookie also, which is temporary available.
ctx.Request().Header.Set("Cookie", "") ctx.Request().Header.Set("Cookie", "")
} }

2
sessions/sessions.go
View File

@ -147,7 +147,7 @@ func (s *Sessions) Destroy(ctx context.Context) {
if cookieValue == "" { // nothing to destroy if cookieValue == "" { // nothing to destroy
return return
} }
RemoveCookie(ctx, s.config.Cookie, s.config.AllowReclaim) RemoveCookie(ctx, s.config)
s.provider.Destroy(cookieValue) s.provider.Destroy(cookieValue)
} }