From 9dc1a96d817741632cb476456755a645b732db7d Mon Sep 17 00:00:00 2001
From: Joel Speed <Joel.speed@hotmail.co.uk>
Date: Wed, 29 May 2019 11:59:58 +0100
Subject: [PATCH] Check SaveSession works when an existing session is present

---
 pkg/sessions/redis/redis_store.go  |  9 +++++-
 pkg/sessions/session_store_test.go | 44 ++++++++++++++++++++++++------
 2 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go
index 61aa1c7..b32d5c2 100644
--- a/pkg/sessions/redis/redis_store.go
+++ b/pkg/sessions/redis/redis_store.go
@@ -195,7 +195,14 @@ func (store *SessionStore) storeValue(value string, expiresOn time.Time, request
 	var ticket *TicketData
 	if requestCookie != nil {
 		var err error
-		ticket, err = decodeTicket(store.CookieOptions.CookieName, requestCookie.Value)
+		val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
+		if !ok {
+			ticket, err = newTicket()
+			if err != nil {
+				return "", fmt.Errorf("error creating new ticket: %s", err)
+			}
+		}
+		ticket, err = decodeTicket(store.CookieOptions.CookieName, val)
 		if err != nil {
 			return "", err
 		}
diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go
index 76722df..85e63b3 100644
--- a/pkg/sessions/session_store_test.go
+++ b/pkg/sessions/session_store_test.go
@@ -137,17 +137,45 @@ var _ = Describe("NewSessionStore", func() {
 
 	SessionStoreInterfaceTests := func(persistent bool) {
 		Context("when Save is called", func() {
-			BeforeEach(func() {
-				err := ss.Save(response, request, session)
-				Expect(err).ToNot(HaveOccurred())
+			Context("with no existing session", func() {
+				BeforeEach(func() {
+					err := ss.Save(response, request, session)
+					Expect(err).ToNot(HaveOccurred())
+				})
+
+				It("sets a `set-cookie` header in the response", func() {
+					Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty())
+				})
+
+				It("Ensures the session CreatedAt is not zero", func() {
+					Expect(session.CreatedAt.IsZero()).To(BeFalse())
+				})
 			})
 
-			It("sets a `set-cookie` header in the response", func() {
-				Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty())
-			})
+			Context("with an expired saved session", func() {
+				var err error
+				BeforeEach(func() {
+					By("saving a session")
+					req := httptest.NewRequest("GET", "http://example.com/", nil)
+					saveResp := httptest.NewRecorder()
+					err = ss.Save(saveResp, req, session)
+					Expect(err).ToNot(HaveOccurred())
 
-			It("Ensures the session CreatedAt is not zero", func() {
-				Expect(session.CreatedAt.IsZero()).To(BeFalse())
+					By("and clearing the session")
+					for _, c := range saveResp.Result().Cookies() {
+						request.AddCookie(c)
+					}
+					clearResp := httptest.NewRecorder()
+					err = ss.Clear(clearResp, request)
+					Expect(err).ToNot(HaveOccurred())
+
+					By("then saving a request with the cleared session")
+					err = ss.Save(response, request, session)
+				})
+
+				It("no error should occur", func() {
+					Expect(err).ToNot(HaveOccurred())
+				})
 			})
 
 			CheckCookieOptions()