[Bug] RedisStore.new(req, "session-key") does not override existing cookie

[henriklovhaug]

If a users sends a web request with for example an old cookie, or any key, it will be the id stored in the redis database. Shouldn't the save function following a New() call override the cookie id?

req, _ := http.NewRequest("GET", "http://www.example.com", nil)
req.Header.Set("Cookie", "session-key=a")
w := httptest.NewRecorder()

 // Get session
session, err := store.New(req, "session-key")
if err != nil {
    log.Fatal("failed getting session: ", err)
}

// Add a value
session.Values["foo"] = "bar"

// Save session
if err = sessions.Save(req, w); err != nil {
    log.Fatal("failed saving session: ", err)
}
   
// w set-cookie will be "session-key=a", rather than a random generated one.