server/beego
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix 5620: ensure cookie always use the config (#5621)

Browse Source
This commit is contained in:
Ming Deng 2024-03-31 21:25:28 +08:00 committed by GitHub
parent a287c2ba81
commit 97066459ed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
server/web/session/session.go
View File

@ -287,7 +287,6 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
} }
var session Store var session Store
cookie, err := r.Cookie(manager.config.CookieName) cookie, err := r.Cookie(manager.config.CookieName)
if err != nil || cookie.Value == "" { if err != nil || cookie.Value == "" {
// delete old cookie // delete old cookie
@ -298,41 +297,37 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
cookie = &http.Cookie{ cookie = &http.Cookie{
Name: manager.config.CookieName, Name: manager.config.CookieName,
Value: url.QueryEscape(sid), Value: url.QueryEscape(sid),
Path: "/",
HttpOnly: !manager.config.DisableHTTPOnly,
Secure: manager.isSecure(r),
Domain: manager.config.Domain,
SameSite: manager.config.CookieSameSite,
} }
} else { } else {
oldsid, err := url.QueryUnescape(cookie.Value) oldsid, err := url.QueryUnescape(cookie.Value)
if err != nil { if err != nil {
return nil, err return nil, err
} }
session, err = manager.provider.SessionRegenerate(context.Background(), oldsid, sid) session, err = manager.provider.SessionRegenerate(context.Background(), oldsid, sid)
if err != nil { if err != nil {
return nil, err return nil, err
} }
cookie.Value = url.QueryEscape(sid) cookie.Value = url.QueryEscape(sid)
cookie.HttpOnly = true
cookie.Path = "/"
} }
if manager.config.CookieLifeTime > 0 { if manager.config.CookieLifeTime > 0 {
cookie.MaxAge = manager.config.CookieLifeTime cookie.MaxAge = manager.config.CookieLifeTime
cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second) cookie.Expires = time.Now().Add(time.Duration(manager.config.CookieLifeTime) * time.Second)
} }
cookie.HttpOnly = !manager.config.DisableHTTPOnly
cookie.Path = "/"
cookie.Secure = manager.isSecure(r)
cookie.Domain = manager.config.Domain
cookie.SameSite = manager.config.CookieSameSite
if manager.config.EnableSetCookie { if manager.config.EnableSetCookie {
http.SetCookie(w, cookie) http.SetCookie(w, cookie)
} }
r.AddCookie(cookie) r.AddCookie(cookie)
if manager.config.EnableSidInHTTPHeader { if manager.config.EnableSidInHTTPHeader {
r.Header.Set(manager.config.SessionNameInHTTPHeader, sid) r.Header.Set(manager.config.SessionNameInHTTPHeader, sid)
w.Header().Set(manager.config.SessionNameInHTTPHeader, sid) w.Header().Set(manager.config.SessionNameInHTTPHeader, sid)
} }
return session, nil return session, nil
} }