Fix https://github.com/kataras/iris/issues/244

2026-01-10 21:45:57 +00:00 · 2016-07-01 01:38:29 +03:00
parent 82d37c5c35
commit af67a97518
5 changed files with 25 additions and 9 deletions
--- a/sessions/manager.go
+++ b/sessions/manager.go
@@ -42,11 +42,15 @@ func newManager(c config.Sessions) (*Manager, error) {
 	if !found {
 		return nil, ErrProviderNotFound.Format(c.Provider)
 	}
+	if c.DecodeCookie {
+		c.Cookie = base64.URLEncoding.EncodeToString([]byte(c.Cookie)) // change the cookie's name/key to a more safe(?)
+		// get the real value for your tests by:
+		//sessIdKey := url.QueryEscape(base64.URLEncoding.EncodeToString([]byte(iris.Config.Sessions.Cookie)))
+	}

 	manager := &Manager{}
 	manager.config = &c
 	manager.provider = provider
-	manager.config.Cookie = base64.URLEncoding.EncodeToString([]byte(c.Cookie)) // change the cookie's name/key to a more safe
 	return manager, nil
 }

@@ -90,7 +94,7 @@ func (m *Manager) Start(ctx context.IContext) store.IStore {
 		cookie := fasthttp.AcquireCookie()
 		// The RFC makes no mention of encoding url value, so here I think to encode both sessionid key and the value using the safe(to put and to use as cookie) url-encoding
 		cookie.SetKey(m.config.Cookie)
-		cookie.SetValue(base64.URLEncoding.EncodeToString([]byte(sid)))
+		cookie.SetValue(sid)
 		cookie.SetPath("/")
 		if !m.config.DisableSubdomainPersistence {
 			requestDomain := ctx.HostString()
@@ -132,8 +136,7 @@ func (m *Manager) Start(ctx context.IContext) store.IStore {
 		requestCtx.Response.Header.SetCookie(cookie)
 		fasthttp.ReleaseCookie(cookie)
 	} else {
-		sid, _ := base64.URLEncoding.DecodeString(cookieValue)
-		store, _ = m.provider.Read(string(sid))
+		store, _ = m.provider.Read(cookieValue)
 	}

 	m.mu.Unlock()
@@ -149,9 +152,7 @@ func (m *Manager) Destroy(ctx context.IContext) {

 	m.mu.Lock()
 	m.provider.Destroy(cookieValue)
-
 	ctx.RemoveCookie(m.config.Cookie)
-
 	m.mu.Unlock()
 }

--- a/sessions/provider.go
+++ b/sessions/provider.go
@@ -55,9 +55,12 @@ func (p *Provider) Init(sid string) (store.IStore, error) {

 // Read returns the store which sid parameter is belongs
 func (p *Provider) Read(sid string) (store.IStore, error) {
+	p.mu.Lock()
 	if elem, found := p.sessions[sid]; found {
+		p.mu.Unlock() // yes defer is slow
 		return elem.Value.(store.IStore), nil
 	}
+	p.mu.Unlock()
 	// if not found
 	sessionStore, err := p.Init(sid)
 	return sessionStore, err
@@ -66,12 +69,13 @@ func (p *Provider) Read(sid string) (store.IStore, error) {

 // Destroy always returns a nil error, for now.
 func (p *Provider) Destroy(sid string) error {
+	p.mu.Lock()
 	if elem, found := p.sessions[sid]; found {
 		elem.Value.(store.IStore).Destroy()
 		delete(p.sessions, sid)
 		p.list.Remove(elem)
 	}
-
+	p.mu.Unlock()
 	return nil
 }

--- a/sessions/providers/memory/store.go
+++ b/sessions/providers/memory/store.go
@@ -102,7 +102,10 @@ func (s *Store) SetLastAccessedTime(lastacc time.Time) {
 	s.lastAccessedTime = lastacc
 }

-// Destroy does nothing here, to destroy the session use the manager's .Destroy func
+// Destroy
 func (s *Store) Destroy() {
-	// nothing
+	// clears without provider's update.
+	for key := range s.values {
+		delete(s.values, key)
+	}
 }
--- a/sessions/providers/redis/redisstore.go
+++ b/sessions/providers/redis/redisstore.go
@@ -173,4 +173,8 @@ func (s *Store) SetLastAccessedTime(lastacc time.Time) {
 func (s *Store) Destroy() {
 	// remove the whole  value which is the s.values from real redis
 	redis.Delete(s.sid)
+	for key := range s.values {
+		delete(s.values, key)
+	}
+
 }