In a Gorilla sessions implementation, session variables are not being maintained across requests. After logging in and setting the session variable, a new tab should maintain the session, but instead, users are redirected to the login page.
<code class="go">sessionNew.Save(req, res)</code>
This code is missing error handling for sessionNew.Save(). If the saving process fails, the error will be ignored, leading to unexpected behavior. It should be updated to:
<code class="go">err := sessionNew.Save(req, res) if err != nil { // Handle the error }</code>
The session path is set to "/loginSession", which limits the session's scope to only that specific path. This can cause confusion because users visiting other routes will not have access to the session. To ensure the session is available across all routes, the path should be set to "/".
In SessionHandler, the session check is performed after serving static files. This can cause issues because the static files are served before the session is validated. The session check should be performed before serving any content.
<code class="go">package main import ( "crypto/md5" "encoding/hex" "fmt" "github.com/gocql/gocql" "github.com/gorilla/mux" "github.com/gorilla/sessions" "net/http" "time" ) var store = sessions.NewCookieStore([]byte("something-very-secret")) var router = mux.NewRouter() func init() { store.Options = &sessions.Options{ Domain: "localhost", Path: "/", MaxAge: 3600 * 8, // 8 hours HttpOnly: true, } } func main() { //session handling router.HandleFunc("/", sessionHandler) router.HandleFunc("/signIn", signInHandler) router.HandleFunc("/signUp", signUpHandler) router.HandleFunc("/logOut", logOutHandler) http.Handle("/", router) http.ListenAndServe(":8100", nil) } //handler for signIn func signInHandler(res http.ResponseWriter, req *http.Request) { // Get the session session, err := store.Get(req, "loginSession") if err != nil { // Handle the error } // Set session values session.Values["email"] = req.FormValue("email") session.Values["name"] = req.FormValue("password") // Save the session err = session.Save(req, res) if err != nil { // Handle the error } } //handler for signUp func signUpHandler(res http.ResponseWriter, req *http.Request) { // ... } //handler for logOut func logOutHandler(res http.ResponseWriter, req *http.Request) { // Get the session session, err := store.Get(req, "loginSession") if err != nil { // Handle the error } // Save the session (with updated values) err = session.Save(req, res) if err != nil { // Handle the error } } //handler for Session func sessionHandler(res http.ResponseWriter, req *http.Request) { // Get the session session, err := store.Get(req, "loginSession") if err != nil { // Handle the error } // Check if the session is valid if session.Values["email"] == nil { http.Redirect(res, req, "html/login.html", http.StatusFound) } else { http.Redirect(res, req, "html/home.html", http.StatusFound) } }</code>
The above is the detailed content of Why Are My Golang Session Variables Not Being Saved in Gorilla Sessions?. For more information, please follow other related articles on the PHP Chinese website!