Use SessionStore for session in proxy

2025-08-08 22:46:33 +02:00 · 2019-05-07 16:13:55 +01:00
parent 34cbe0497c
commit c61f3a1c65
4 changed files with 100 additions and 93 deletions
--- a/pkg/sessions/cookie/session_store.go
+++ b/pkg/sessions/cookie/session_store.go
@ -40,11 +40,14 @@ type SessionStore struct {
 // Save takes a sessions.SessionState and stores the information from it
 // within Cookies set on the HTTP response writer
 func (s *SessionStore) Save(rw http.ResponseWriter, req *http.Request, ss *sessions.SessionState) error {
+	if ss.CreatedAt.IsZero() {
+		ss.CreatedAt = time.Now()
+	}
 	value, err := utils.CookieForSession(ss, s.CookieCipher)
 	if err != nil {
 		return err
 	}
-	s.setSessionCookie(rw, req, value)
+	s.setSessionCookie(rw, req, value, ss.CreatedAt)
 	return nil
 }

@ -89,8 +92,8 @@ func (s *SessionStore) Clear(rw http.ResponseWriter, req *http.Request) error {
 }

 // setSessionCookie adds the user's session cookie to the response
-func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string) {
-	for _, c := range s.makeSessionCookie(req, val, s.CookieExpire, time.Now()) {
+func (s *SessionStore) setSessionCookie(rw http.ResponseWriter, req *http.Request, val string, created time.Time) {
+	for _, c := range s.makeSessionCookie(req, val, s.CookieExpire, created) {
 		http.SetCookie(rw, c)
 	}
 }
--- a/pkg/sessions/session_store_test.go
+++ b/pkg/sessions/session_store_test.go
@ -5,6 +5,8 @@ import (
 	"encoding/base64"
 	"net/http"
 	"net/http/httptest"
+	"strconv"
+	"strings"
 	"testing"
 	"time"

@ -72,6 +74,16 @@ var _ = Describe("NewSessionStore", func() {
 				}
 			})

+			It("have a signature timestamp matching session.CreatedAt", func() {
+				for _, cookie := range cookies {
+					if cookie.Value != "" {
+						parts := strings.Split(cookie.Value, "|")
+						Expect(parts).To(HaveLen(3))
+						Expect(parts[1]).To(Equal(strconv.Itoa(int(session.CreatedAt.Unix()))))
+					}
+				}
+			})
+
 		})
 	}

@ -86,6 +98,10 @@ var _ = Describe("NewSessionStore", func() {
 				Expect(response.Header().Get("set-cookie")).ToNot(BeEmpty())
 			})

+			It("Ensures the session CreatedAt is not zero", func() {
+				Expect(session.CreatedAt.IsZero()).To(BeFalse())
+			})
+
 			CheckCookieOptions()
 		})

@ -138,12 +154,15 @@ var _ = Describe("NewSessionStore", func() {

 					// Can't compare time.Time using Equal() so remove ExpiresOn from sessions
 					l := *loadedSession
+					l.CreatedAt = time.Time{}
 					l.ExpiresOn = time.Time{}
 					s := *session
+					s.CreatedAt = time.Time{}
 					s.ExpiresOn = time.Time{}
 					Expect(l).To(Equal(s))

 					// Compare time.Time separately
+					Expect(loadedSession.CreatedAt.Equal(session.CreatedAt)).To(BeTrue())
 					Expect(loadedSession.ExpiresOn.Equal(session.ExpiresOn)).To(BeTrue())
 				}
 			})