From 634f163e3f6292e658e61d0dd9e3c475d87b5d54 Mon Sep 17 00:00:00 2001
From: Tumushimire Yves
Date: Sun, 12 Mar 2023 20:14:22 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20[Feature]:=20SessionOnly=20when?= =?UTF-8?q?=20cookie.Expires=20is=200=20(#2152)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feature: session only for zero expire cookie #2145
* refactor condition to set MaxAge and Expire on cookie
* move checking zero maxage and expire in session middleware
Signed-off-by: Yves Tumushimire
* feature: session only for zero expire cookie #2145
* refactor condition to set MaxAge and Expire on cookie
* move checking zero maxage and expire in session middleware
Signed-off-by: Yves Tumushimire
* CR changes
* some updates
---------
Signed-off-by: Yves Tumushimire
Co-authored-by: Muhammed Efe Çetin
Co-authored-by: René Werner
---
 ctx_test.go | 8 ++++++++
 docs/api/middleware/session.md | 5 +++++
 middleware/session/config.go | 5 +++++
 middleware/session/session.go | 8 ++++++--
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/ctx_test.go b/ctx_test.go
index cecef6ab9f..0bbd8351d0 100644
--- a/ctx_test.go
+++ b/ctx_test.go
@@ -721,6 +721,14 @@ func Test_Ctx_Cookie(t *testing.T) {
 cookie.MaxAge = 10000
 c.Cookie(cookie)
 utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
+
+ expect = "username=john; path=/; secure; SameSite=None"
+ // should remove expires and max-age headers when no expire and no MaxAge (default time)
+ cookie.SessionOnly = false
+ cookie.Expires = time.Time{}
+ cookie.MaxAge = 0
+ c.Cookie(cookie)
+ utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
 }
 
 // go test -v -run=^$ -bench=Benchmark_Ctx_Cookie -benchmem -count=4
diff --git a/docs/api/middleware/session.md b/docs/api/middleware/session.md
index c637f78219..6c746ceb49 100644
--- a/docs/api/middleware/session.md
+++ b/docs/api/middleware/session.md
@@ -134,6 +134,11 @@ type Config struct {
 // Optional. Default value "Lax".
 CookieSameSite string
 
+ // Decides whether cookie should last for only the browser sesison.
+ // Ignores Expiration if set to true
+ // Optional. Default value false.
+ CookieSessionOnly bool
+
 // KeyGenerator generates the session key.
 // Optional. Default value utils.UUID
 KeyGenerator func() string
diff --git a/middleware/session/config.go b/middleware/session/config.go
index bee6c2d384..758db5538a 100644
--- a/middleware/session/config.go
+++ b/middleware/session/config.go
@@ -46,6 +46,11 @@ type Config struct {
 // Optional. Default value "Lax".
 CookieSameSite string
 
+ // Decides whether cookie should last for only the browser sesison.
+ // Ignores Expiration if set to true
+ // Optional. Default value false.
+ CookieSessionOnly bool
+
 // KeyGenerator generates the session key.
 // Optional. Default value utils.UUIDv4
 KeyGenerator func() string
diff --git a/middleware/session/session.go b/middleware/session/session.go
index 34ff67da98..fab7e4867b 100644
--- a/middleware/session/session.go
+++ b/middleware/session/session.go
@@ -197,8 +197,12 @@ func (s *Session) setSession() {
 fcookie.SetValue(s.id)
 fcookie.SetPath(s.config.CookiePath)
 fcookie.SetDomain(s.config.CookieDomain)
- fcookie.SetMaxAge(int(s.exp.Seconds()))
- fcookie.SetExpire(time.Now().Add(s.exp))
+ // Cookies are also session cookies if they do not specify the Expires or Max-Age attribute.
+ // refer: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
+ if !s.config.CookieSessionOnly {
+ fcookie.SetMaxAge(int(s.exp.Seconds()))
+ fcookie.SetExpire(time.Now().Add(s.exp))
+ }
 fcookie.SetSecure(s.config.CookieSecure)
 fcookie.SetHTTPOnly(s.config.CookieHTTPOnly)
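Review bot: The doc comment added above `CookieSessionOnly` in middleware/session/config.go says "Ignores Expiration if set to true", which claims more than the code in this commit does: the session.go hunk only skips `SetMaxAge` and `SetExpire` on the cookie, and nothing visible here touches how long the session record is kept. I would reword it to `// CookieSessionOnly omits Expires and Max-Age from the session cookie so the browser drops it when the browsing session ends.` and, if the store's TTL handling (outside this diff) confirms it, add `// Expiration still bounds the server-side session lifetime.` The comment also misspells "session" as "sesison". The same wording and typo appear in the copy added to docs/api/middleware/session.md.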
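Review bot: In the `setSession` hunk of middleware/session/session.go, a cookie written with `CookieSessionOnly` set carries neither Max-Age nor Expires, so how long the session id survives on the client is left entirely to the browser, and browsers that restore the previous session on startup are known to keep such cookies across restarts. The server-side expiry then becomes the only hard bound on the id, so it is worth confirming that the store write still applies `s.exp` when the flag is on; that code, like the start and end of `setSession`, is outside this hunk. The diffstat lists no test file under middleware/session, and the only test in the commit (ctx_test.go) exercises `c.Cookie` rather than the middleware. A session test that sets `CookieSessionOnly: true` and asserts the Set-Cookie value has no `max-age` or `expires` while the stored entry still expires would pin both halves.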