-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃悰 Session middleware does not use KeyLookup for session storage #1492
Comments
Thanks for opening your first issue here! 馃帀 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord |
The problem occurs from this line: fiber/middleware/session/store.go Line 85 in ff57431
When the we regenerating, we're giving session a new ID and thus subsequence For example... HTTP flow with key = "token" sess := store.Get(c) eventho we wanted to lookup from key fiber/middleware/session/store.go Line 43 in ff57431
fiber/middleware/session/store.go Line 68 in ff57431
Storage will always return this potentially causes leakage as well due to unique UUID being generated and store all the time |
I can see that there's a PR merged to fix the issue However the issue defined on #1408 was more of an application error rather than framework error. I think #1408 highlighten the fact that how do I differentiate when
Since |
I am wondering which is a more proper solution for the circumstance when we can not find a session in the store.
How does https://github.com/expressjs/session do?
(https://github.com/expressjs/session/blob/master/index.js#L495) |
Fiber version
2.14 and above
Issue description
Session middleware is unable to lookup via given key
Code snippet
Reproducing
Responses on 2.13
Responses on 2.14++
The text was updated successfully, but these errors were encountered: