Comments (6)
This is possible, but you would need to take into account:
- If the session is close to expiration, do you Set-Cookie?
- If the Redis data expired, you would need to Set-Cookie with the new ID
- Making it optional, which is not possible with the sessions.Store
interface.
How often are you changing the session data, and is the overhead of the
Set-Cookie call a major issue?
On Tue, Sep 13, 2016 at 5:47 AM Jagger Wang [email protected]
wrote:
I only want to save session data to redis, and the cookie, which contain
session id, is not changed, there is no need to set cookie again. Set
cookie only need once when a new session is created.—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#23, or mute the thread
https://github.com/notifications/unsubscribe-auth/AABIcEdHFJVuriZAm2TM2X7MPPi6tRzxks5qpps0gaJpZM4J7oRd
.
from redistore.
- If session is expired, client, such as browser, will not send previous saved cookie anymore. A new session should be created in the next request.
- If redis data expired, a new session will be created, and should set cookie.
- And why the cookie value changed every time when saving session, the session id changed?
There is no much performace problem, I just found it not same with previously used session lib.
I'm using Echo web framework, and write a middleware to responsible for session creating and saving, because I don't want to creating and saving session in many places. Am I using it the right way?
package middlewares
import (
log "github.com/Sirupsen/logrus"
"github.com/labstack/echo"
"github.com/labstack/echo/engine/standard"
"github.com/spf13/viper"
"gopkg.in/boj/redistore.v1"
"zaiqiuchang.com/server/models"
)
func Session() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) (err error) {
store, err := redistore.NewRediStoreWithPool(
models.RedisPool("zqc"), []byte(viper.GetString("secretkey")))
if err != nil {
panic(err)
}
store.SetMaxAge(viper.GetInt("session.maxAge"))
store.SetMaxLength(viper.GetInt("session.maxLength"))
store.SetKeyPrefix(viper.GetString("session.keyPrefix"))
req := c.Request().(*standard.Request)
session, err := store.Get(req.Request, viper.GetString("session.name"))
if err != nil {
panic(err)
}
c.Set("session", session)
err = next(c)
if session.IsNew || c.Get("sessionModified") != nil {
values := map[string]interface{}{}
for k, v := range session.Values {
values[k.(string)] = v
}
log.WithFields(log.Fields{
"id": session.ID,
"isNew": session.IsNew,
"values": values,
}).Debug("save session")
rsp := c.Response().(*standard.Response)
if err := session.Save(req.Request, rsp.ResponseWriter); err != nil {
log.Error(err)
}
}
return err
}
}
}
from redistore.
- Correct, but the package user may expect that the Redis data is kept
in sync with the session cookie. Not refreshing the cookie but refreshing
Redis is non-obvious.
On Tue, Sep 13, 2016 at 6:27 AM Jagger Wang [email protected]
wrote:
- If session is expired, client, such as browser, will not send
previous saved cookie anymore. A new session should be created in the next
request.- If redis data expired, a new session will be created, and should
set cookie. There is no much performace problem, I just found it not same
with previously used session lib.I'm using Echo web framework, and write a middleware to responsible for
session creating and saving. Am I using it the right way?package middlewares
import (
log "github.com/Sirupsen/logrus"
"github.com/labstack/echo"
"github.com/labstack/echo/engine/standard"
"github.com/spf13/viper"
"gopkg.in/boj/redistore.v1""zaiqiuchang.com/server/models"
)
func Session() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) (err error) {
store, err := redistore.NewRediStoreWithPool(
models.RedisPool("zqc"), []byte(viper.GetString("secretkey")))
if err != nil {
panic(err)
}
defer store.Close()
store.SetMaxAge(viper.GetInt("session.maxAge"))
store.SetMaxLength(viper.GetInt("session.maxLength"))
store.SetKeyPrefix(viper.GetString("session.keyPrefix"))
req := c.Request().(*standard.Request)
session, err := store.Get(req.Request, viper.GetString("session.name"))
if err != nil {
panic(err)
}
c.Set("session", session)err = next(c) if session.IsNew || c.Get("sessionModified") != nil { values := map[string]interface{}{} for k, v := range session.Values { values[k.(string)] = v } log.WithFields(log.Fields{ "id": session.ID, "isNew": session.IsNew, "values": values, }).Debug("save session") rsp := c.Response().(*standard.Response) if err := session.Save(req.Request, rsp.ResponseWriter); err != nil { log.Error(err) } } return err } }
}
—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#23 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AABIcLlzL2nzjqBjOnUW81N2izj-l5TDks5qpqStgaJpZM4J7oRd
.
from redistore.
That's right, but it's still no need to refresh cookie every time when saving to redis. Only do this when cookie changed, including value, expire time, path, etc.
And it's better performance if store can detect session changing to decide whether save to redis or write cookie, not in application.
from redistore.
Of course, but I would argue that use-case—constantly updating the
cookie—is much rarer. Users have also come to rely on the existing
behavior.
You are welcome to submit a PR that (without breaking existing behavior)
can achieve this.
On Tue, Sep 13, 2016 at 5:57 PM Jagger Wang [email protected]
wrote:
That's right, but it's still no need to refresh cookie every time when
saving to redis. Only do this when cookie changed, including value, expire
time, path, etc.—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#23 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AABIcIEiR6hOM59fSSUl1paEL-EX8YOYks5qp0ZdgaJpZM4J7oRd
.
from redistore.
Marking this as closed.
from redistore.
Related Issues (20)
- Session locking HOT 1
- Session synchronization problem HOT 2
- Ping HOT 3
- custom structs missing from GOB will silently fail and return sessions without some values. HOT 2
- Allow passthrough of `DialOptions` HOT 3
- gob: decoding into local type *string, received remote type map[interface]interface HOT 4
- Propagate `gob/encoding` errors. HOT 6
- Get: base64 decode failed HOT 4
- Enhancement request to extend session automatically during use HOT 4
- drone.io Badge Fix
- Move to Travis CI
- Support vgo/go.mod & Tag New Release HOT 7
- Update TravisCI config to use Redis & Add Mocks
- IsNew access on a session causes nil pointer dereference HOT 2
- Problem with session (MaxAge == 0) cookie HOT 1
- Delete all sessions by user HOT 2
- Secure HOT 1
- Question: Is this still supported? HOT 4
- Please update redigo
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from redistore.