Matt Silverlock
Matt Silverlock
We can probably drop Go 1.8 and below at this point, and make a minor version bump as part of that change. Handling both encodings with a magic byte/prefix is...
(@ me on this thread when you are ready for a full review - my schedule is packed right now but I will make sure to respond on this)
Having taken a look at this, it might make more sense to: • Version the encoding, so we know which encoding scheme is in use. • Use AES-GCM (-SIV) as...
> I don't understand what do you mean. Any data passed to Encode will be encoded as "compact" if seccookie.Compact(true) were called. We could just support the old format on...
Beyond that, my overall comment is that in the drive for optimizing this, we now have more code to maintain, and a custom scheme. I would strongly prefer to use...
Don’t ignore the error here: store, _ = redistore.NewRediStore(c.Redis.Db, "tcp", c.Redis.Addr, "", []byte("secret-keyS"))
What does *your* code do here? It’s the handler code that decides how to handle the error returned from store.Get.
The store shouldn't matter here: your handler code determines how to handle the error when a store (any store!) can't decode an existing session due to key changes. You posted...
Is there no stack trace printed at all?
I didn't write the original code, but it seems like a short-circuit return and/or better nil handling from store implementations would solve this.