Trying to differentiate from a bad user-cookie error vs. an internal error using gorilla/sessions e.g.
import "github.com/gorilla/sessions"
sess, err := store.Get(r, sessName)
if err != nil {
// either user error (bad-cookie i.e. invalid HMAC)
// http.Error(w, "not authenticated", http.StatusUnauthorized)
// or server error (FileSystemStore i/o)
// http.Error(w, "internal error", http.StatusInternalServerError)
return
}
The underlying securecookie package has an exported error ErrMacInvalid for bad user cookies. So ordinarily one would just check for this specific error, but this does not work:
import "github.com/gorilla/securecookie"
if err == securecookie.ErrMacInvalid {
// bad user-cookie
} else if err != nil {
// otherwise internal error
}
The reason it does not work - using say securecookie.NewCookieStore() as a session store - is it will return a error of type securecookie.MultiError
(a []error type) with the securecookie.ErrMacInvalid value listed within the error slice.
Trying something like this seems very convoluted:
if e2, ok := err.(securecookie.MultiError); ok && len(e2) > 0 && e2[0] == securecookie.ErrMacInvalid { {
// bad user-cookie
} else if err != nil {
// otherwise internal error
}
is there an easier way?
