From 02a33d95042201adfbd6b8c56ef8d71741ac5029 Mon Sep 17 00:00:00 2001 From: Jens-Uwe Mager Date: Thu, 12 Mar 2020 16:41:52 +0100 Subject: [PATCH 1/2] Added a MergeSession method to ease merging of sessions lost due to strict cookies across oauth2 login flows. --- data.go | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/data.go b/data.go index 99ccf08..60c108c 100644 --- a/data.go +++ b/data.go @@ -301,6 +301,44 @@ func (s *SessionManager) RenewToken(ctx context.Context) error { return nil } +// MergeSession is used to merge in data from a different session in case strict +// session tokens are lost across an oauth or similar redirect flows. Use Clear() +// if no values of the new session are to be used. +func (s *SessionManager) MergeSession(ctx context.Context, token string) error { + sd := s.getSessionDataFromContext(ctx) + + b, found, err := s.ContextStore.Find(ctx, token) + if err != nil { + return err + } else if !found { + return nil + } + + deadline, values, err := s.Codec.Decode(b) + if err != nil { + return err + } + + sd.mu.Lock() + defer sd.mu.Unlock() + + // If it is the same session, nothing needs to be done. + if sd.token == token { + return nil + } + + if deadline.After(sd.deadline) { + sd.deadline = deadline + } + + for k, v := range values { + sd.values[k] = v + } + + sd.status = Modified + return s.ContextStore.Delete(ctx, token) +} + // Status returns the current status of the session data. func (s *SessionManager) Status(ctx context.Context) Status { sd := s.getSessionDataFromContext(ctx) From fd3404d1a47d8cd4b11908cc988dd948a56aa715 Mon Sep 17 00:00:00 2001 From: Jens-Uwe Mager Date: Wed, 24 Nov 2021 21:29:39 +0100 Subject: [PATCH 2/2] Adapt to the new *Ctx() methods. --- data.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data.go b/data.go index 60c108c..8c31560 100644 --- a/data.go +++ b/data.go @@ -307,7 +307,7 @@ func (s *SessionManager) RenewToken(ctx context.Context) error { func (s *SessionManager) MergeSession(ctx context.Context, token string) error { sd := s.getSessionDataFromContext(ctx) - b, found, err := s.ContextStore.Find(ctx, token) + b, found, err := s.doStoreFind(ctx, token) if err != nil { return err } else if !found { @@ -336,7 +336,7 @@ func (s *SessionManager) MergeSession(ctx context.Context, token string) error { } sd.status = Modified - return s.ContextStore.Delete(ctx, token) + return s.doStoreDelete(ctx, token) } // Status returns the current status of the session data.