Fix ticket retrieval with an invalid ticket
(cherry picked from commit 66bbf146ec
)
This commit is contained in:
parent
3155ada287
commit
22199fa417
@ -192,26 +192,9 @@ func (store *SessionStore) makeCookie(req *http.Request, value string, expires t
|
||||
}
|
||||
|
||||
func (store *SessionStore) storeValue(value string, expiration time.Duration, requestCookie *http.Cookie) (string, error) {
|
||||
var ticket *TicketData
|
||||
if requestCookie != nil {
|
||||
var err error
|
||||
val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
|
||||
if !ok {
|
||||
ticket, err = newTicket()
|
||||
ticket, err := store.getTicket(requestCookie)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error creating new ticket: %s", err)
|
||||
}
|
||||
}
|
||||
ticket, err = decodeTicket(store.CookieOptions.CookieName, val)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
} else {
|
||||
var err error
|
||||
ticket, err = newTicket()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error creating new ticket: %s", err)
|
||||
}
|
||||
return "", fmt.Errorf("error getting ticket: %v", err)
|
||||
}
|
||||
|
||||
ciphertext := make([]byte, len(value))
|
||||
@ -232,6 +215,24 @@ func (store *SessionStore) storeValue(value string, expiration time.Duration, re
|
||||
return ticket.encodeTicket(store.CookieOptions.CookieName), nil
|
||||
}
|
||||
|
||||
// getTicket retrieves an existing ticket from the cookie if present,
|
||||
// or creates a new ticket
|
||||
func (store *SessionStore) getTicket(requestCookie *http.Cookie) (*TicketData, error) {
|
||||
if requestCookie == nil {
|
||||
return newTicket()
|
||||
}
|
||||
|
||||
// An existing cookie exists, try to retrieve the ticket
|
||||
val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
|
||||
if !ok {
|
||||
// Cookie is invalid, create a new ticket
|
||||
return newTicket()
|
||||
}
|
||||
|
||||
// Valid cookie, decode the ticket
|
||||
return decodeTicket(store.CookieOptions.CookieName, val)
|
||||
}
|
||||
|
||||
func newTicket() (*TicketData, error) {
|
||||
rawID := make([]byte, 16)
|
||||
if _, err := io.ReadFull(rand.Reader, rawID); err != nil {
|
||||
|
Loading…
Reference in New Issue
Block a user