goth icon indicating copy to clipboard operation
goth copied to clipboard
verified publisher icon markbates

Updating dependencies breaks login: securecookie: hash key is not set

Open lesichkovm opened this issue 2 years ago • 3 comments

Not sure why you need the gorilla/sessions package but updating the intenal depemdencies to the latest version breaks gothic login:

github.com/gorilla/securecookie v1.1.1 // indirect
github.com/gorilla/sessions v1.2.2 // indirect

Upgrading to:

github.com/gorilla/securecookie v1.1.2 // indirect
github.com/gorilla/sessions v1.2.1 // indirect

Causes the login to fail with the message displayed on the screen

securecookie: hash key is not set

In addition the following message is displayed:

goth/gothic: no SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.

Note! I do not use the default cookie store, so I ignore this message.

lesichkovm avatar Apr 20 '24 11:04 lesichkovm

I updated gorilla sessions and securecookie and hit this error. Adding a block key in the call to sessions.NewCookieStore fixed it. So do

sessions.NewCookieStore([]byte(sessionKey), []byte(sessionBlockKey))

instead of

sessions.NewCookieStore([]byte(sessionKey)))

akclace avatar Dec 15 '24 20:12 akclace

Until there is a resolution. For anyone having this issue, the currently working combination is:

github.com/gorilla/securecookie v1.1.1 // indirect
github.com/gorilla/sessions v1.1.1 // indirect

lesichkovm avatar Jan 18 '25 03:01 lesichkovm

@markbates can we get this fixed, it very annoying, login breaks every time you update the dependencies

lesichkovm avatar Mar 23 '25 23:03 lesichkovm