I use Golang Beego's package session. When user is logged in - session is created on a server-side and client gets a cookie. For example, expiration date for both session and cookie is 10 sec. I send requests to the server often enough, but still after some seconds (even less than 10) I'm being logged out - that's bad.
Here is a small working example:
package main
import (
"fmt"
"net/http"
"github.com/astaxie/beego/session"
)
var globalSessions *session.Manager
func sessionExists(w http.ResponseWriter, r *http.Request) bool {
sess, err := globalSessions.SessionStart(w, r)
defer sess.SessionRelease(w)
if err != nil {
fmt.Println("Error to start session: " + err.Error())
return false
}
if sessUsername := sess.Get("username"); sessUsername == nil {
return false
}
return true
}
func login(w http.ResponseWriter, r *http.Request) {
sess, err := globalSessions.SessionStart(w, r)
defer sess.SessionRelease(w)
if err != nil {
fmt.Println("Error to start session: " + err.Error())
return
}
sess.Set("username", "user")
http.Redirect(w, r, "/", http.StatusSeeOther)
}
func handler(w http.ResponseWriter, r *http.Request) {
if !sessionExists(w, r) {
fmt.Fprintf(w, "NOT logged in")
} else {
fmt.Fprintf(w, "Logged in")
}
}
func main() {
globalSessions, _ = session.NewManager("memory", &session.ManagerConfig{
CookieName: "msessionid",
EnableSetCookie: true,
Gclifetime: 2,
Maxlifetime: 10,
CookieLifeTime: 10})
go globalSessions.GC()
http.HandleFunc("/", handler)
http.HandleFunc("/login", login)
err := http.ListenAndServe("0.0.0.0:9998", nil)
if err != nil {
fmt.Println("Can't start HTTP listener")
}
}
.. launch it and go to localhost:9998/login - you will see Logged in and will be redirected to the main page. Refresh it every second - after some seconds you'll get a NOT logged in response. I was thinking every request will update session's expiration date on a server-side.
What am I missing? Or this is a bug in a session package?
