duanliushua5026 2016-02-07 10:22

Golang session-based authentication

I am trying to authenticate a user (using email and password) in golang but I am having some problems with sessions. It seems like I can't retrieve the session value from /login/ to / (home) page.

User Registration

hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(r.Form["passwordSignup"][0]), bcrypt.DefaultCost)

err = c.Insert(&model.UserModel{
  Email:     r.Form["emailSignup"][0],
  Password:  string(hashedPassword),
  CreatedAt: time.Now(),
})

// TODO : should session management be made in here ???
// you can use gorilla sessions if you want as far it works

http.SetCookie(w, cookie)
http.Redirect(w, r, "/", 301) // goes to the homepage(only accessed by authenticated users)

Login

if r.Form["emailLogin"][0] == result.Email &&
  bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(r.Form["passwordLogin"][0])) == nil {

  // TODO : Handling the session in here

  http.Redirect(w, r, "/", 301) // goes to the home page
} else {
  http.Redirect(w, r, "/login/", 301)
}

I checked these links too: http://shadynasty.biz/blog/2012/09/05/auth-and-sessions/ https://www.youtube.com/watch?v=p0tGnjW_xxI


  • dongyan9838 2016-02-07 17:17

    Importantly, you should check all of your errors - e.g.:

    - hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(r.Form["passwordSignup"][0]), bcrypt.DefaultCost)
    # Check our error, especially for something as important as password hashing
    + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(r.Form["passwordSignup"][0]), bcrypt.DefaultCost)
    if err != nil {
        http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
        return
    }
    

    A lot of your relevant cookie code is missing, but here's what it should look like:

    cookie := &http.Cookie{
            Name: "my_app",
            Value: val, // Some encoded value
            Path: "/", // Otherwise it defaults to the /login if you create this on /login (standard cookie behaviour)
            MaxAge: 86400, // One day
    }
    
    http.SetCookie(w, cookie)
    

    Alternatively, if you use gorilla/sessions (which I recommend because it correctly authenticates cookies), you would do the following:

    session, err := store.Get(r, "session-name")
    if err != nil {
        http.Error(w, err.Error(), 500)
        return
    }
    
    session.Options.Path = "/"
    session.Values["user"] = user
    
    err = session.Save(r, w) // err was already declared above, so assign with = rather than :=
    if err != nil {
        http.Error(w, err.Error(), 500)
        return
    }
    
    http.Redirect(w, r, "/", 301)
    
    This answer was selected by the asker as the best answer.
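
The two points in the answer above (setting `Path: "/"` and authenticating the cookie value), as an added standard-library example that is not part of the original answer and is not gorilla/sessions' own code. `sessionKey`, `newSessionCookie` and `sessionUser` are hypothetical names; the key and the e-mail address are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

var sessionKey = []byte("constructed-example-key") // assumption: real key is random, from secret storage

func sign(payload string) string {
	mac := hmac.New(sha256.New, sessionKey)
	mac.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// newSessionCookie builds the cookie to pass to http.SetCookie after a successful login.
func newSessionCookie(email string) *http.Cookie {
	payload := base64.RawURLEncoding.EncodeToString([]byte(email))
	return &http.Cookie{
		Name: "my_app", Value: payload + "." + sign(payload),
		Path:   "/", // otherwise a cookie created on /login/ is scoped to that path
		MaxAge: 86400, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	}
}

// sessionUser returns the e-mail only when the cookie's HMAC tag verifies.
func sessionUser(r *http.Request) (string, error) {
	c, err := r.Cookie("my_app")
	if err != nil {
		return "", err // no session cookie on this request
	}
	parts := strings.SplitN(c.Value, ".", 2)
	if len(parts) != 2 || !hmac.Equal([]byte(parts[1]), []byte(sign(parts[0]))) {
		return "", errors.New("session cookie failed authentication")
	}
	email, err := base64.RawURLEncoding.DecodeString(parts[0])
	return string(email), err
}

func main() {
	req, _ := http.NewRequest("GET", "/", nil)
	req.AddCookie(newSessionCookie("alice@example.com")) // constructed sample user
	fmt.Println(sessionUser(req))
}
```

The cookie value is signed, not encrypted, so it should carry only an identifier and never secrets.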