sessions icon indicating copy to clipboard operation
sessions copied to clipboard

Published 20 hours ago verified publisher icon gin-contrib

Store-level options not honored

Open vibridi opened this issue 4 years ago • 1 comments

Not sure if I'm looking at this correctly.

Let's say I have a cookie store "github.com/gin-contrib/sessions/cookie".NewStore(...) and I set some options on it with Options(). The options are set to the embedded CookieStore object, as:

// github.com/gin-contrib/sessions/cookie/cookie.go
func (c *store) Options(options sessions.Options) {
	c.CookieStore.Options = &gsessions.Options{
		Path:     options.Path,
		Domain:   options.Domain,
		MaxAge:   options.MaxAge,
		Secure:   options.Secure,
		HttpOnly: options.HttpOnly,
	}
}

Later I use the store to set some values:

         // my own code
	session := sessions.Default(c)
	session.Set("key", 1234)
	err := session.Save()
        ...

However the options are not honored. By looking at the implementation of the Save method:

// github.com/gorilla/sessions/store.go
// Save adds a single session to the response.
func (s *CookieStore) Save(r *http.Request, w http.ResponseWriter, session *Session) error {
	encoded, err := securecookie.EncodeMulti(session.Name(), session.Values,
		s.Codecs...)
	if err != nil {
		return err
	}
	http.SetCookie(w, NewCookie(session.Name(), encoded, session.Options))
	return nil
}

The options passed to http.SetCookie are always the session.Options. Those set earlier on the CookieStore are ignored.

Is this an intended behavior? Should I post this issue on the github.com/gorilla/sessions project? Thanks

vibridi avatar Dec 03 '19 10:12 vibridi

Same here, I can't set the domain of my cookie...

izanagi1995 avatar Oct 28 '20 07:10 izanagi1995