Removing a cookie from client
856 views
Skip to first unread message
Aaron Groves
May 3, 2012, 3:49:07 AM5/3/12
to goril...@googlegroups.com
Hi all, I'm trying to create a simple persistent login system using the Gorilla sessions package. The idea is to basically do a Go version of this php setup. I'm trying to set up the logging out part but can't figure out how to delete the users cookie? Can anyone give any hints?
Cheers,
Aaron
Rodrigo Moraes
May 3, 2012, 6:05:36 AM5/3/12
to Gorilla web toolkit
On May 3, 4:49 am, Aaron Groves wrote:
> I'm
> trying to set up the logging out part but can't figure out how to delete
> the users cookie? Can anyone give any hints?
Heya,
> I'm
> trying to set up the logging out part but can't figure out how to delete
> the users cookie? Can anyone give any hints?
You have two options:
Remove the user id (or whatever you use) from session.Values and save
the session, deleting the info used for authentication.
Or issue the cookie to be deleted setting a MaxAge of <0:
http.SetCookie(w, &Cookie{Name: "session-name", MaxAge: -1})
-- rodrigo
Aaron Groves
May 3, 2012, 7:00:12 AM5/3/12
to goril...@googlegroups.com
Thanks for the advice, I was doing your first option as you can see by the commented out sections below. The cookie being deleted entirely makes my login system simpler though.
func Logout(w http.ResponseWriter, r *http.Request) {
//session, _ := store.Get(r, "inb201")
cookie, err := r.Cookie("inb201")
cookie.MaxAge = -1
fmt.Println(cookie, err)
http.SetCookie(w, cookie)
// session.Values["ID"] = ""
// session.Values["Pw"] = ""
// session.Save(r, w)
http.Redirect(w, r, "/", http.StatusFound)
}
Thanks for the help! (And thanks for making a kick ass toolkit!)
Cheers,
Aaron
Rodrigo Moraes
May 3, 2012, 7:41:39 AM5/3/12
to Gorilla web toolkit
On May 3, 8:00 am, Aaron Groves wrote:
> The cookie being deleted entirely makes my
> login system simpler though.
Ah, and you need to set the Expires field too, because IE doesn't like
> The cookie being deleted entirely makes my
> login system simpler though.
MaxAge. When a session is saved, Expires is set based on MaxAge, so
you don't care about it. So maybe saving the session will be more
convenient than setting a cookie directly:
// ...
session.Options = &sessions.Options{MaxAge: -1}
session.Save(r, w)
And you don't need to care about resetting values, the session will be
deleted because the cookie will be set to the past.
So this is a third option.
-- rodrigo
Aaron Groves
May 3, 2012, 8:05:26 AM5/3/12
to goril...@googlegroups.com
Oh that's much neater! Think I'll go with that option.
Thanks again! =)
Rodrigo Moraes
May 4, 2012, 3:05:17 PM5/4/12
to Gorilla web toolkit
On May 3, 9:05 am, Aaron Groves wrote:
> Oh that's much neater! Think I'll go with that option.
I discovered that Expires was not set as a date in the past after
> Oh that's much neater! Think I'll go with that option.
this. Now it is properly set, and updating the package is highly
recommended.
Also, now session.Options is immediately available when a session is
created, so you can do:
session.Options.MaxAge = -1
...instead of creating a new &Options{}. It uses the options set as
default in the store.
-- rodrigo
Aaron Groves
May 4, 2012, 3:12:55 PM5/4/12
to goril...@googlegroups.com
Oh awesome! Cheers for the heads up!
Reply all
Reply to author
Forward
0 new messages