Session cookie key is now configurable

- Added [web] cookie.auth.key to configuration - Inbucket generates a random key if none is configured - Added [default] default.domain to be reference by SMTP and POP3 configs - Updated default/sample config files
2026-05-14 17:43:49 +00:00 · 2016-02-27 15:43:44 -08:00
parent 5e15300d02
commit bbfdd4216f
8 changed files with 78 additions and 25 deletions
--- a/httpd/context.go
+++ b/httpd/context.go
@@ -43,14 +43,21 @@ func headerMatch(req *http.Request, name string, value string) bool {
 func NewContext(req *http.Request) (*Context, error) {
 	vars := mux.Vars(req)
 	sess, err := sessionStore.Get(req, "inbucket")
+	if err != nil {
+		if sess == nil {
+			// No session, must fail
+			return nil, err
+		} else {
+			// The session cookie was probably signed by an old key, ignore it
+			// gorilla created an empty session for us
+			err = nil
+		}
+	}
 	ctx := &Context{
 		Vars:      vars,
 		Session:   sess,
 		DataStore: DataStore,
 		IsJSON:    headerMatch(req, "Accept", "application/json"),
 	}
-	if err != nil {
-		return ctx, err
-	}
 	return ctx, err
 }