如何在Cookie中通过地图传递多个值

Got stuck while passing multiple values in cookie. I'm not able to find a better way for managing session and cookies. Trying to use github.com/gorilla/securecookie this package.

loginMain.go

package main

import (
    "database/sql"
    "log"
    "net/http"
    "shambhavi/packages/loginPkg"   
    _ "github.com/go-sql-driver/mysql"
    "github.com/gorilla/mux"
)

var router = mux.NewRouter()
var db *sql.DB

func connectDb() *sql.DB {
    db, dberr := sql.Open("mysql", "root:root@tcp(127.0.0.1:8889)/shambhavi_db")
    if dberr != nil {
        log.Println(dberr)
    }
    return db
}
func login(w http.ResponseWriter, r *http.Request) {
    var db *sql.DB = connectDb()
    loginPkg.LoginOperation(w, r, db)

}

func main() {
    http.HandleFunc("/demo", login)
    http.Handle("/", router)
    err := http.ListenAndServe(port, nil) // setting listening port
if err != nil {
    log.Fatal("ListenAndServe: ", err)
}
}

LoginPkg.go

package loginPkg

import (
    "database/sql"
    "encoding/json"
    "fmt"
    "net/http"
    "shambhavi/packages/sessionPkg"

    _ "github.com/go-sql-driver/mysql"
)

var retMap = make(map[string]string)

func ErrorHandler(err error) {
    if err != nil {
        panic(err)
    }
}

func LoginOperation(w http.ResponseWriter, r *http.Request, db *sql.DB) {
    fmt.Println("In LoginOperation ")
    r.ParseForm()
    if len(r.Form["username"][0]) == 0 && len(r.Form["password"][0]) == 0 {
        fmt.Fprintf(w, "Something is blank !!!")
    } else {
        var lvl string
        var uFullName string
        err := db.QueryRow("SELECT lvl_flag FROM admin_instance WHERE user_name = ? AND passwd = ?", r.FormValue("username"), r.FormValue("password")).Scan(&lvl)

        er := db.QueryRow("SELECT emp_name FROM emp_detail WHERE emp_uname = ?", r.FormValue("username")).Scan(&uFullName)
        ErrorHandler(er)
        retMap["msg"] = "Login successfully"
        retMap["err"] = "Not Login"
        retMap["lvl"] = lvl
        retMap["fullName"] = uFullName
        b, _ := json.Marshal(retMap)
        if err != nil {
            fmt.Println(err)
            fmt.Fprintf(w, "%s", b)

        } else {
            if lvl == "1" || lvl == "2" || lvl == "3" {
                sessionPkg.SetSession(w, r, r.FormValue("username"), retMap) // Passing map to the fun, retMap
                fmt.Fprintf(w, "%s", b)
                usrnm := sessionPkg.GetUserName(r)
                fmt.Println("From session variable", usrnm)
            } else {
                fmt.Println("Chukala ....")
                fmt.Fprintf(w, "%s", b)
            }   
        }
    }
    defer db.Close()
}

The problem lies in following file....

sessionHandler.go

package sessionPkg

import (
    "fmt"
    "net/http"
    "time"

    "github.com/gorilla/securecookie"
)

var cookieHandler = securecookie.New(
    securecookie.GenerateRandomKey(64),
    securecookie.GenerateRandomKey(32))


func SetSession(w http.ResponseWriter, r *http.Request, username string, retMap map[string]string) {

    sessionData := map[string]string{
        "userName": username,
        "lvl":      retMap["lvl"],
        "fullName": retMap["fullName"],
    }

    expiration := time.Now().Add(365 * 24 * time.Hour)

    //if encoded, err := cookieHandler.Encode("session", sessionData); err == nil {
    cookie := http.Cookie{
        Name:    "session",
        Value:   sessionData["userName"], //Here i want map or something else that can accept multiple values
        Expires: expiration,
        //MaxAge: 3600,
    }

    http.SetCookie(w, &cookie)
    //}
}

func GetUserName(request *http.Request) (userName string) {
    //fmt.Println(request.Cookie("session"))
    cookieValue := make(map[string]string)
    if cookie, err := request.Cookie("session"); err == nil {

        fmt.Println("cookieValue = ", cookie.Value)
        //if err = cookieHandler.Decode("session", cookie.Value, &cookieValue); err == nil {
        //fmt.Println(cookie)
        cookieValue["userName"] = cookie.Value
        //fmt.Println(cookieValue["userName"])
        //}
        /*else {
            fmt.Println("Error ", err)
        }*/
    }
    return cookieValue["userName"]
}

/*func GetFullName(request *http.Request) (fullName string) {
    fmt.Println("In GetFullName")
    cookieValue := make(map[string]string)
    if cookie2, err := request.Cookie("session"); err == nil {

        fmt.Println("cookieValue = ", cookie2.Value)
        //if err = cookieHandler.Decode("session", cookie.Value, &cookieValue); err == nil {
        fmt.Println(cookie2)
        cookieValue["fullName"] = cookie2.Value
        fmt.Println(cookieValue["fullName"])
        //}
    }
    return cookieValue["fullName"]
}*/

func ClearSession(response http.ResponseWriter) {
    cookie := &http.Cookie{
        Name:   "session",
        Value:  "",
        Path:   "/",
        MaxAge: -1,
    }
    http.SetCookie(response, cookie)
}

Problem indicated in code by comment. I want to use session like in PHP. Suggest the better way to secure the cookie and maintain the session. Give some explanation too.

Edited: Explain cookieHandler.Encode() and cookieHandler.Decode(). It is not decoding the data which is passed to it.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

duanhuang7591 2015-10-26 08:02

关注

var retMap = make(map[string]string) is a global map that you both read and write to, which is unsafe: when you have more than one user concurrently you will be overwriting the contents of this map.

You aren't using the securecookie package to encode your cookie values at all - in fact it's not clear where you're using it at all.

cookie := http.Cookie{
    Name:    "session",
    // This should be encoded.
    Value:   sessionData["userName"], //Here i want map or something else that can accept multiple values
    Expires: expiration,
    //MaxAge: 3600,
}

Too many packages: you have a loginpackage, a sessionpackage and a package main. Packages should fulfil a 'theme' - an auth package might make more sense, or even just a single package main until you get more familiar with Go.
You're not hashing your passwords - storing the plain text password in the database and looking it up with the value of r.FormValue("password") is extremely insecure. Read this to see how to hash passwords safely in Go: Golang/App Engine - securely hashing a user's password
You should be using the gorilla/sessions package rather than the lower-level securecookie package.

Modifying the gorilla/sessions example in the documentation:

package main

import (
    "net/http"
    "github.com/gorilla/sessions"
)

// Use the CookieStore
var store = sessions.NewCookieStore([]byte("something-very-secret"))

func LoginOperation(w http.ResponseWriter, r *http.Request) {
    // Your existing DB code - shorter to make the example here clearer
    err := db.QueryRow("SELECT lvl_flag FROM admin_instance WHERE user_name = ? AND passwd = ?", r.FormValue("username"), r.FormValue("password")).Scan(&lvl)

    // Don't use a global map - create a new one
    userDetails := make(map[string]string)
    userDetails["msg"] = "Login successfully"
    userDetails["err"] = "Not Login"
    userDetails["lvl"] = lvl
    userDetails["fullName"] = uFullName

    // Get a session (existing/new)
    session, err := store.Get(r, "session-name")
    if err != nil {
        http.Error(w, err.Error(), 500)
        return
    }

    // Set some session values.
    session.Values["userDetails"] = userDetails
    // Save it before we write to the response/return from the handler.
    session.Save(r, w)
}

Later, if you want to retrieve the details:

func RequireAuth(w http.ResponseWriter, r *http.Request) {
    // Get a session (existing/new)
    session, err := store.Get(r, "session-name")
    if err != nil {
        http.Error(w, err.Error(), 500)
        return
    }

    // Type assert our userDetails map out of the session's map[string]interface{}
    userDetails, ok := session.Values["userDetails"].(map[string]string)
    if !ok {
        // User does not have an existing session - treat them as not logged in and/or re-direct them to your login page.
        http.Error(w, http.StatusCode(401), 401)
        return
    }


    // Check the user details - e.g. if userDetails["lvl"] == "ACTIVE" { ... }
    // TODO
    }

本回答被题主选为最佳回答 , 对您是否有帮助呢?

报告相同问题？

关注问题

如何在Cookie中通过地图传递多个值
2015-10-26 06:53

回答 1 已采纳 var retMap = make(map[string]string) is a global map that you both read and write to, which is un
Cookie在别的控制类无法获取到值 java spring
2022-05-19 14:56

回答 1 已采纳 cookie设置过期时间.setMaxAge()，不设置的话默认为当前会话。
如何在laravel中获得cookie值 javascript laravel php
2017-05-16 08:37

回答 2 已采纳 Laravel stores cookies encrypted, so Cookie::get() will only retrieve cookies set by Laravel. You
前端把cookie写在父域里_单点登录的三种实现方式
2020-12-21 12:41

weixin_39996101的博客当用户登录成功后，一般会将登录状态记录到 Session 中，或者是给用户签发一个 Token，无论哪一种方式，都需要在客户端保存一些信息(Session ID 或 Token )，并要求客户端在之后的每次请求中携带它们。在这样的场景...
在php中设置cookie并通过ajax运行会话 ajax php
2018-05-20 10:50

回答 1 已采纳 Did you using session_start(); before you set value of session. for example: <?php sessi
在Servlet的doGet()方法中，创建一个Cookie对象 java-ee
2021-12-20 21:26

回答 1 已采纳 //1.在Servlet的doGet()方法中，创建一个Cookie对象，设置Cookie的有效时间为1星期，并返回到客户端。 Cookie cookie = new
uniapp怎么取指定Set-cookie值 html5 javascript vue.js
2021-06-18 13:39

回答 4 已采纳你可以先用分号; 分割出来每个键值对, 然后再用等号= 分割出来每一对最后组合成形成一个对象使用返回的对象.字段名即可例如: function g
Php 取出session中的值,获取php值
2021-03-28 08:04

weixin_39886205的博客 php cli模式下获取参数的方法本文转自IT摆渡网欢迎转载，请标明出处更多php文章请阅读php问题解决PHP在cli模式下接收参数有两种方法1.使用argv数组2.使用getopt方法1.使用argv数组例如：需要执行一个php，并传递三个...
python flask 如何在函数中设置cookie flask python 有问必答
2022-07-28 12:24

回答 3 已采纳用js跳转 resp = make_response("<script>location='/'</script>")#注意修改js中url路径，这里直接跳转首页
在Go中读取Cookie
2018-10-27 14:02

回答 1 已采纳 If you want to read the cookie from an HTTP request, you do it with the Cookies method. Example:
有没有办法在laravel中打印控制器内的所有cookie值？ laravel php
2019-08-07 07:44

回答 1 已采纳 You should be able to just call Cookie::get() without the $name parameter (untested). Otherwise y
前端把cookie写在父域里_面试官：来说说单点登录的三种实现方式
2020-12-21 12:41

weixin_39651325的博客当用户登录成功后，一般会将登录状态记录到 Session 中，或者是给用户签发一个 Token，无论哪一种方式，都需要在客户端保存一些信息(Session ID 或 Token )，并要求客户端在之后的每次请求中携带它们。在这样的场景...
无法在标题中设置Cookie
2019-07-12 17:10

回答 2 已采纳 It appears that you are not using valid cookie name. https://developer.mozilla.org/en-US/docs/Web/
前端把cookie写在父域里_单点登录的三种实现方式，你会几种？
2020-12-21 12:41

weixin_39834984的博客当用户登录成功后，一般会将登录状态记录到 Session 中，或者是给用户签发一个 Token，无论哪一种方式，都需要在客户端保存一些信息(Session ID 或 Token )，并要求客户端在之后的每次请求中携带它们。在这样的场景...
前端把cookie写在父域里_面试官：说一下单点登录的几种实现方式
2020-12-30 18:01

rubyxr109的博客 Java面试笔试面经、Java技术每天学习一点Java面试关注不迷路作者：张永恒...当用户登录成功后,一般会将登录状态记录到 Session 中,或者是给用户签发一个 Token,无论哪一种方式,都需要在客户端保存一些信息(Sessio...
没有解决我的问题, 去提问

悬赏问题

¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
¥20 软件测试决策法疑问求解答
¥15 win11 23H2删除推荐的项目，支持注册表等
¥15 matlab 用yalmip搭建模型，cplex求解，线性化处理的方法
¥15 qt6.6.3 基于百度云的语音识别不会改
¥15 关于#目标检测#的问题：大概就是类似后台自动检测某下架商品的库存，在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
¥15 神经网络怎么把隐含层变量融合到损失函数中？
¥15 lingo18勾选global solver求解使用的算法
¥15 全部备份安卓app数据包括密码，可以复制到另一手机上运行
¥20 测距传感器数据手册i2c

码龄粉丝数原力等级 --

如何在Cookie中通过地图传递多个值

loginMain.go

LoginPkg.go

sessionHandler.go

1条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

如何在Cookie中通过地图传递多个值

loginMain.go

LoginPkg.go

sessionHandler.go

1条回答 默认 最新

悬赏问题

1条回答默认最新