go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-03-14 08:26:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Test decoded cookie for empty strings

Browse Source 
Fixes up issue #698.
The input of `decodeCookieValue` is tested in case of there is an empty string, so then its output really reflect the validity of the input.
It takes in consideration that underlying decoder can unvalidate the cookie.

Former-commit-id: a82cccfe1c252c68ceeb4126ea43495fa2cdf96d
This commit is contained in:
corebreaker 2017-08-02 09:40:54 +03:00
parent d664f3f0d6
commit 8fded5f86d
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sessions/sessions.go
View File

@ -101,7 +101,7 @@ func (s *Sessions) updateCookie(sid string, ctx context.Context, expires time.Du
// Start should start the session for the particular request.
func (s *Sessions) Start(ctx context.Context) *Session {
cookieValue := GetCookie(ctx, s.config.Cookie)
cookieValue := s.decodeCookieValue(GetCookie(ctx, s.config.Cookie))
if cookieValue == "" { // cookie doesn't exists, let's generate a session and add set a cookie
sid := s.config.SessionIDGenerator()
@ -114,7 +114,6 @@ func (s *Sessions) Start(ctx context.Context) *Session {
return sess
}
cookieValue = s.decodeCookieValue(cookieValue)
sess := s.provider.Read(cookieValue, s.config.Expires)
return sess
@ -127,12 +126,11 @@ func (s *Sessions) ShiftExpiraton(ctx context.Context) {
// UpdateExpiraton change expire date of a session to a new date by using timeout value passed by `expires` parameter
func (s *Sessions) UpdateExpiraton(ctx context.Context, expires time.Duration) {
cookieValue := GetCookie(ctx, s.config.Cookie)
cookieValue := s.decodeCookieValue(GetCookie(ctx, s.config.Cookie))
if cookieValue != "" {
sid := s.decodeCookieValue(cookieValue)
if s.provider.UpdateExpiraton(sid, expires) {
s.updateCookie(sid, ctx, expires)
if s.provider.UpdateExpiraton(cookieValue, expires) {
s.updateCookie(cookieValue, ctx, expires)
}
}
}
@ -172,7 +170,12 @@ func (s *Sessions) DestroyAll() {
// let's keep these funcs simple, we can do it with two lines but we may add more things in the future.
func (s *Sessions) decodeCookieValue(cookieValue string) string {
if cookieValue == "" {
return ""
}
var cookieValueDecoded *string
if decode := s.config.Decode; decode != nil {
err := decode(s.config.Cookie, cookieValue, &cookieValueDecoded)
if err == nil {
@ -181,6 +184,7 @@ func (s *Sessions) decodeCookieValue(cookieValue string) string {
cookieValue = ""
}
}
return cookieValue
}