Josh Holloway 2015-07-08 12:31:02 +01:00
parent 4c9cf6b101
commit ad7b0ee0eb
2 changed files with 35 additions and 3 deletions


@ -3,13 +3,14 @@ package pgstore
import ( import (
"database/sql" "database/sql"
"encoding/base32" "encoding/base32"
"net/http"
"strings"
"time"
"github.com/coopernurse/gorp" "github.com/coopernurse/gorp"
"github.com/gorilla/securecookie" "github.com/gorilla/securecookie"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
_ "github.com/lib/pq" _ "github.com/lib/pq"
"net/http"
"strings"
"time"
) )
type PGStore struct { type PGStore struct {
@ -123,6 +124,18 @@ func (db *PGStore) Save(r *http.Request, w http.ResponseWriter, session *session
return nil return nil
} }
// MaxLength restricts the maximum length of new sessions to l.
// If l is 0 there is no limit to the size of a session, use with caution.
// The default for a new PGStore is 4096. PostgreSQL allows for max
// value sizes of up to 1GB (http://www.postgresql.org/docs/current/interactive/datatype-character.html)
func (s *PGStore) MaxLength(l int) {
for _, c := range s.Codecs {
if codec, ok := c.(*securecookie.SecureCookie); ok {
codec.MaxLength(l)
}
}
}
//load fetches a session by ID from the database and decodes its content into session.Values //load fetches a session by ID from the database and decodes its content into session.Values
func (db *PGStore) load(session *sessions.Session) error { func (db *PGStore) load(session *sessions.Session) error {
var s Session var s Session
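Review bot: `MaxLength` silently skips every codec that is not a `*securecookie.SecureCookie`, so a store built with other codecs keeps whatever limit they had while the caller believes a cap is in place; the doc comment should say so, e.g. `// Only codecs of type *securecookie.SecureCookie are affected; other codecs are left unchanged.` Because the session payload is written to the database, `l == 0` removes the only size bound visible in this hunk, and the comment could state that handlers storing request-derived data should keep a finite limit rather than just "use with caution". The receiver is named `s` while the neighbouring `Save` and `load` use `db`; `func (db *PGStore) MaxLength(l int) {` keeps the method set consistent. If securecookie also enforces the limit on decode, as I believe it does, lowering `l` would make already-stored larger sessions fail to load, which the phrase "new sessions" does not convey; worth confirming and documenting.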


@ -1,6 +1,7 @@
package pgstore package pgstore
import ( import (
"encoding/base64"
"net/http" "net/http"
"os" "os"
"testing" "testing"
@ -99,6 +100,24 @@ func TestPGStore(t *testing.T) {
t.Fatal("Retrieved session had wrong value in round 3:", session.Values["counter"]) t.Fatal("Retrieved session had wrong value in round 3:", session.Values["counter"])
} }
// ROUND 3 - Increase max length
req, err = http.NewRequest("GET", "http://www.example.com", nil)
if err != nil {
t.Fatal("failed to create round 3 request", err)
}
req.AddCookie(sessions.NewCookie(session.Name(), encoded, session.Options))
session, err = ss.New(req, "my session")
session.Values["big"] = make([]byte, base64.StdEncoding.DecodedLen(4096*2))
if err = ss.Save(req, headerOnlyResponseWriter(m), session); err == nil {
t.Fatal("expected an error, got nil")
}
ss.MaxLength(4096 * 3) // A bit more than the value size to account for encoding overhead.
if err = ss.Save(req, headerOnlyResponseWriter(m), session); err != nil {
t.Fatal("Failed to save session:", err.Error())
}
} }
func TestSessionOptionsAreUniquePerSession(t *testing.T) { func TestSessionOptionsAreUniquePerSession(t *testing.T) {
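Review bot: The error from `ss.New(req, "my session")` is assigned but never checked before `session.Values["big"]` is written, so a failed lookup or decode would only show up as a misleading failure further down; add `if err != nil { t.Fatal("failed to get session", err) }` right after the call. The first `Save` assertion passes on any non-nil error, so an unrelated failure (a database error, for instance) would satisfy it without the length limit being exercised; checking that the error is the codec's too-long error, or at least logging it with `t.Log(err)`, would pin the behaviour this commit is about. The block is also labelled `ROUND 3` and reports "round 3 request" although the preceding context line already belongs to round 3, so `// ROUND 4 - Increase max length` would keep failures unambiguous. `TestPGStore` starts outside this hunk, so earlier setup of `encoded` and `m` is not visible here.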