author | 2019-12-11 12:54:00 +0100 | |
---|---|---|
committer | 2019-12-11 12:54:03 +0100 | |
commit | 86359156ee607bc3ddac99cf9a6295f8ff664482 (patch) | |
tree | a921b9de2095b18e6b821b6d26dd9aa019980e21 /server.go | |
parent | d8f411176fc63c8330987db2450c04b5c64b0dd9 (diff) | |
Export Context.SetSession, unexport Session.Token
I'm uneasy about exposing the token to plugins; I prefer to hide it if
possible to prevent misuse.
This change allows plugins to log out users.
Diffstat (limited to 'server.go')
-rw-r--r-- | server.go | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -104,17 +104,18 @@ type Context struct {

 var aLongTimeAgo = time.Unix(233431200, 0)

-func (c *Context) setToken(token string) {
+func (ctx *Context) SetSession(s *Session) {
 cookie := http.Cookie{
 Name: cookieName,
- Value: token,
 HttpOnly: true,
 // TODO: domain, secure
 }
- if token == "" {
+ if s != nil {
+ cookie.Value = s.token
+ } else {
 cookie.Expires = aLongTimeAgo // unset the cookie
 }
- c.SetCookie(&cookie)
+ ctx.SetCookie(&cookie)
 }

 func isPublic(path string) bool {
@@ -173,7 +174,7 @@ func New(e *echo.Echo, options *Options) error {

 ctx.Session, err = ctx.Server.sessions.Get(cookie.Value)
 if err == ErrSessionExpired {
- ctx.setToken("")
+ ctx.SetSession(nil)
 return ctx.Redirect(http.StatusFound, "/login")
 } else if err != nil {
 return err
|
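Review bot: The `http.Cookie` literal in the newly exported `SetSession` sets no `Path`, so when a plugin calls `SetSession(nil)` from a nested route the expiring cookie gets that route's default path and may leave the original session cookie in the browser; adding `Path: "/"` makes set and unset address the same cookie. The `// TODO: domain, secure` line is worth resolving in the same literal, since this is now the single place the session token reaches the browser: set `Secure` whenever the instance is served over HTTPS and add `SameSite: http.SameSiteLaxMode`. The nil branch only expires the cookie; nothing visible in this hunk closes the server-side session or clears `ctx.Session`, so a token that was already captured presumably stays usable until it expires unless the caller also closes the session. The exported method has no doc comment, and one such as `// SetSession sets the session cookie or, when s is nil, expires it; it does not close the session itself.` would tell plugin authors what a logout still has to do.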