
Commit 2d38cfa

authored
Merge pull request #236 from P4sca1/cookies-after-api-authentication
use cookie helpers in HandleApiAuthentication to correctly set HttpOnly and Secure
2 parents d0f2bc3 + b0d5fbe commit 2d38cfa


1 file changed

+4
-31
lines changed


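--- a/shared.go
+++ b/shared.go
@@ -3313,25 +3313,12 @@ func HandleApiAuthentication(resp http.ResponseWriter, request *http.Request) (U
 if err == nil {
 sessionToken := c.Value
 
-newCookie := &http.Cookie{
-Name: "session_token",
-Value: sessionToken,
-Expires: time.Now().Add(-100 * time.Hour),
-MaxAge: -1,
-Path: "/",
-}
-
-if project.Environment == "cloud" {
-newCookie.Domain = ".shuffler.io"
-newCookie.Secure = true
-newCookie.HttpOnly = true
-}
-
 user, err := GetSessionNew(ctx, sessionToken)
 if err != nil {
 log.Printf("[WARNING] No valid session token for ID %s. Setting cookie to expire. May cause fallback problems.", sessionToken)
 
 if resp != nil {
+newCookie := constructSessionDeleteCookie()
 http.SetCookie(resp, newCookie)
 
 newCookie.Name = "__session"
@@ -3342,8 +3329,8 @@ func HandleApiAuthentication(resp http.ResponseWriter, request *http.Request) (U
 } else {
 // Check if both session tokens are set
 // Compatibility issues
-//expiration := time.Now().Add(8 * time.Hour
-newCookie.Expires = c.Expires
+//expiration := time.Now().Add(8 * time.Hour)
+newCookie := ConstructSessionCookie(sessionToken, c.Expires)
 newCookie.MaxAge = c.MaxAge
 
 _, err1 := request.Cookie("session_token")
@@ -3366,22 +3353,8 @@ func HandleApiAuthentication(resp http.ResponseWriter, request *http.Request) (U
 }
 
 if len(user.Id) == 0 && len(user.Username) == 0 {
-
-newCookie := &http.Cookie{
-Name: "session_token",
-Value: sessionToken,
-Expires: time.Now().Add(-100 * time.Hour),
-MaxAge: -1,
-Path: "/",
-}
-
-if project.Environment == "cloud" {
-newCookie.Domain = ".shuffler.io"
-newCookie.Secure = true
-newCookie.HttpOnly = true
-}
-
 if resp != nil {
+newCookie := constructSessionDeleteCookie()
 http.SetCookie(resp, newCookie)
 
 newCookie.Name = "__session"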
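Review bot: The re-issued cookie in the else branch (second hunk, new line 3333) still takes its lifetime from the incoming request cookie, `newCookie := ConstructSessionCookie(sessionToken, c.Expires)` followed by `newCookie.MaxAge = c.MaxAge`; if `c` came from `request.Cookie`, Go parses only name and value from a Cookie header, so both fields are zero and whatever MaxAge the helper chose is overwritten with 0 — the same behaviour the removed `newCookie.Expires = c.Expires` line had, which this commit does not address. Worth confirming how ConstructSessionCookie treats a zero Expires, and either dropping the MaxAge override or deriving the lifetime from the session record returned by GetSessionNew rather than from the client. The two helpers also differ in export casing (`constructSessionDeleteCookie` vs `ConstructSessionCookie`); unless the exported one is used outside the package, keeping both unexported would be consistent. HandleApiAuthentication starts and ends outside these hunks, and the lifetime point applies to the second hunk only.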
