Make sure the cookie exists before we clear the session in redis
(cherry picked from commit 6d7f0ab57d
)
This commit is contained in:
parent
22199fa417
commit
c1ae0ca807
@ -148,13 +148,6 @@ func (store *SessionStore) loadSessionFromString(value string) (*sessions.Sessio
|
||||
// Clear clears any saved session information for a given ticket cookie
|
||||
// from redis, and then clears the session
|
||||
func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
|
||||
requestCookie, _ := req.Cookie(store.CookieOptions.CookieName)
|
||||
|
||||
val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
|
||||
if !ok {
|
||||
return fmt.Errorf("Cookie Signature not valid")
|
||||
}
|
||||
|
||||
// We go ahead and clear the cookie first, always.
|
||||
clearCookie := store.makeCookie(
|
||||
req,
|
||||
@ -164,6 +157,20 @@ func (store *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) erro
|
||||
)
|
||||
http.SetCookie(rw, clearCookie)
|
||||
|
||||
// If there was an existing cookie we should clear the session in redis
|
||||
requestCookie, err := req.Cookie(store.CookieOptions.CookieName)
|
||||
if err != nil && err == http.ErrNoCookie {
|
||||
// No existing cookie so can't clear redis
|
||||
return nil
|
||||
} else if err != nil {
|
||||
return fmt.Errorf("error retrieving cookie: %v", err)
|
||||
}
|
||||
|
||||
val, _, ok := cookie.Validate(requestCookie, store.CookieOptions.CookieSecret, store.CookieOptions.CookieExpire)
|
||||
if !ok {
|
||||
return fmt.Errorf("Cookie Signature not valid")
|
||||
}
|
||||
|
||||
// We only return an error if we had an issue with redis
|
||||
// If there's an issue decoding the ticket, ignore it
|
||||
ticket, _ := decodeTicket(store.CookieOptions.CookieName, val)
|
||||
|
Loading…
Reference in New Issue
Block a user