Add cookieMaxAge flag.

- Sets the Max-Age field on the returned cookie, indicating to the browser how long it is valid for. - No server-side validation of this number is performed - i.e. the session is valid until the client expicitly logs out, should they choose to ignore this field. This is existing behavior - we are just improving the browser experience. [finished #102876036]
robdimsdale · Sep 8, 2015 · 996b910 · 996b910
1 parent 34e4696
commit 996b910
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 10 deletions.
diff --git a/main.go b/main.go
@@ -55,6 +55,8 @@ var (
 	username = flag.String("username", "", "Username for HTTP authentication.")
 	password = flag.String("password", "", "Password for HTTP authentication.")
 
+	cookieMaxAge = flag.Int("cookieMaxAge", 3600, "Maximum age of cookie in seconds.")
+
 	pidFile = flag.String("pidFile", "", "File to which PID is written")
 
 	dev = flag.Bool("dev", false, "Development mode; do not require username/password")
@@ -135,6 +137,7 @@ func main() {
 		logger,
 		templates,
 		cookieHandler,
+		*cookieMaxAge,
 	)
 
 	webcamURL := fmt.Sprintf("%s:%d", *webcamHost, *webcamPort)

diff --git a/middleware/session_auth.go b/middleware/session_auth.go
@@ -65,17 +65,18 @@ func (s auth) validBasicAuth(request *http.Request) bool {
 	if validated {
 		s.logger.Debug("successfully validated via basic auth")
 		return true
-	} else {
-		s.logger.Debug("failed validation via basic auth")
-		return false
 	}
+
+	s.logger.Debug("failed validation via basic auth")
+	return false
 }
 
 func (s auth) validSession(request *http.Request) bool {
 	var username, password string
 	if cookie, err := request.Cookie("session"); err == nil {
 		cookieValue := make(map[string]string)
-		if err = s.cookieHandler.Decode("session", cookie.Value, &cookieValue); err == nil {
+		err = s.cookieHandler.Decode("session", cookie.Value, &cookieValue)
+		if err == nil {
 			username = cookieValue["name"]
 			password = cookieValue["password"]
 		}
@@ -87,10 +88,9 @@ func (s auth) validSession(request *http.Request) bool {
 	if validated {
 		s.logger.Debug("successfully validated via session")
 		return true
-	} else {
-		s.logger.Debug("failed validation via session")
-		return false
 	}
+	s.logger.Debug("failed validation via session")
+	return false
 }
 
 func secureCompare(a, b string) bool {

diff --git a/web/login/login.go b/web/login/login.go
@@ -20,17 +20,20 @@ type handler struct {
 	logger        lager.Logger
 	templates     *template.Template
 	cookieHandler *securecookie.SecureCookie
+	cookieMaxAge  int
 }
 
 func NewHandler(
 	logger lager.Logger,
 	templates *template.Template,
 	cookieHandler *securecookie.SecureCookie,
+	cookieMaxAge int,
 ) Handler {
 	return &handler{
 		logger:        logger,
 		templates:     templates,
 		cookieHandler: cookieHandler,
+		cookieMaxAge:  cookieMaxAge,
 	}
 }
 
@@ -65,9 +68,10 @@ func (h handler) setSession(
 	encoded, err := h.cookieHandler.Encode("session", value)
 	if err == nil {
 		cookie := &http.Cookie{
-			Name:  "session",
-			Value: encoded,
-			Path:  "/",
+			Name:   "session",
+			Value:  encoded,
+			Path:   "/",
+			MaxAge: h.cookieMaxAge,
 		}
 		http.SetCookie(response, cookie)
 	}