sessions icon indicating copy to clipboard operation
sessions copied to clipboard

Published 20 hours ago verified publisher icon gin-contrib

gob: decoding into local type *string, received remote type map[interface]interface

Open chances opened this issue 7 years ago • 7 comments

I've hit a wall with this error after attempting to load a key from the session. I create a Redis Store using a pre-existing pool and then utilize the session when handling authentication:

session.Set("AUTH_STATE", state)
session.Save()

In an OAuth callback handler I attempt to load the AUTH_STATE from the session (source):

v := session.Get("AUTH_STATE")
if v == nil {
  c.Error(errAuth.WithDetail("Auth state is nil"))
  c.Abort()
  return
}

The AUTH_STATE value is always nil and this error is reported to stderr:

gob: decoding into local type *string, received remote type map[interface]interface

Though it seems the error also occurs whenever the session is loaded at the beginning of every handler after the session is created. I noticed @boj encountered this error while creating redistore, but has since resolved the problem.

I've been banging my head on the table for days over this. I'd greatly appreciate any assistance.

chances avatar May 01 '17 03:05 chances

Did you manage to work this one out? Sounds a bit like a race condition

nazwa avatar May 08 '17 09:05 nazwa

@nazwa No, I'm still experiencing this issue. How do you figure? The session access always happens in a subsequent request after the initial request that set the AUTH_STATE in the first place.

It's simply a string value for use with an OAuth Authorization Grant:

  1. Login request handler in my application. Sets AUTH_STATE to randomly generated UUID
  2. Login request responds with a redirect to the OAuth service provider, passing along the generated state UUID as a query parameter.
  3. After the OAuth service provider authenticates the user it redirects back to my application. My complete handler accepts the state provided by the OAuth service provider in a query parameter and verifies that it matches the AUTH_STATE stored in the session.

chances avatar May 10 '17 22:05 chances

Ok. I'm away all week so can't test this myself, but could you try two things:

  1. Change the storage to memcache and cookie and see if the same problem occurs
  2. Try to use redis directly, so not through the session middleware, but yourself set redis value and then read it

If both of these work fine, then we'll have to look in more depth at this.

nazwa avatar May 11 '17 10:05 nazwa

@nazwa

  1. The problem does not occur with cookie storage. I have not tried with memcache
  2. Redis works wonderfully when used directly via garyburd/redigo

I'm working around this issue by using my own homegrown session store

chances avatar May 16 '17 04:05 chances

That's probably the best thing to do for now. I'll see if I can play with it over the next week to try and track it down.

nazwa avatar May 17 '17 09:05 nazwa

I've had the same problem recently.

yunboom avatar Mar 20 '23 11:03 yunboom

But it doesn't happen every time.

yunboom avatar Mar 20 '23 11:03 yunboom