Why response Set-Cookie header every time when save session? about redistore HOT 6 CLOSED

This is possible, but you would need to take into account:

1. If the session is close to expiration, do you Set-Cookie?
2. If the Redis data expired, you would need to Set-Cookie with the new ID
3. Making it optional, which is not possible with the sessions.Store
   interface.

How often are you changing the session data, and is the overhead of the
Set-Cookie call a major issue?

On Tue, Sep 13, 2016 at 5:47 AM Jagger Wang [email protected]
wrote:

I only want to save session data to redis, and the cookie, which contain
session id, is not changed, there is no need to set cookie again. Set
cookie only need once when a new session is created.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#23, or mute the thread
https://github.com/notifications/unsubscribe-auth/AABIcEdHFJVuriZAm2TM2X7MPPi6tRzxks5qpps0gaJpZM4J7oRd
.

from redistore.

1. If session is expired, client, such as browser, will not send previous saved cookie anymore. A new session should be created in the next request.
2. If redis data expired, a new session will be created, and should set cookie.
3. And why the cookie value changed every time when saving session, the session id changed?

There is no much performace problem, I just found it not same with previously used session lib.

I'm using Echo web framework, and write a middleware to responsible for session creating and saving, because I don't want to creating and saving session in many places. Am I using it the right way?

package middlewares

import (
    log "github.com/Sirupsen/logrus"
    "github.com/labstack/echo"
    "github.com/labstack/echo/engine/standard"
    "github.com/spf13/viper"
    "gopkg.in/boj/redistore.v1"

    "zaiqiuchang.com/server/models"
)

func Session() echo.MiddlewareFunc {
    return func(next echo.HandlerFunc) echo.HandlerFunc {
        return func(c echo.Context) (err error) {
            store, err := redistore.NewRediStoreWithPool(
                models.RedisPool("zqc"), []byte(viper.GetString("secretkey")))
            if err != nil {
                panic(err)
            }
            store.SetMaxAge(viper.GetInt("session.maxAge"))
            store.SetMaxLength(viper.GetInt("session.maxLength"))
            store.SetKeyPrefix(viper.GetString("session.keyPrefix"))
            req := c.Request().(*standard.Request)
            session, err := store.Get(req.Request, viper.GetString("session.name"))
            if err != nil {
                panic(err)
            }
            c.Set("session", session)

            err = next(c)

            if session.IsNew || c.Get("sessionModified") != nil {
                values := map[string]interface{}{}
                for k, v := range session.Values {
                    values[k.(string)] = v
                }
                log.WithFields(log.Fields{
                    "id":     session.ID,
                    "isNew":  session.IsNew,
                    "values": values,
                }).Debug("save session")
                rsp := c.Response().(*standard.Response)
                if err := session.Save(req.Request, rsp.ResponseWriter); err != nil {
                    log.Error(err)
                }
            }

            return err
        }
    }
}

from redistore.

1. Correct, but the package user may expect that the Redis data is kept
   in sync with the session cookie. Not refreshing the cookie but refreshing
   Redis is non-obvious.

On Tue, Sep 13, 2016 at 6:27 AM Jagger Wang [email protected]
wrote:

1. If session is expired, client, such as browser, will not send
   previous saved cookie anymore. A new session should be created in the next
   request.
2. If redis data expired, a new session will be created, and should
   set cookie. There is no much performace problem, I just found it not same
   with previously used session lib.

I'm using Echo web framework, and write a middleware to responsible for
session creating and saving. Am I using it the right way?

package middlewares
import (
log "github.com/Sirupsen/logrus"
"github.com/labstack/echo"
"github.com/labstack/echo/engine/standard"
"github.com/spf13/viper"
"gopkg.in/boj/redistore.v1"

"zaiqiuchang.com/server/models"

)
func Session() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) (err error) {
store, err := redistore.NewRediStoreWithPool(
models.RedisPool("zqc"), []byte(viper.GetString("secretkey")))
if err != nil {
panic(err)
}
defer store.Close()
store.SetMaxAge(viper.GetInt("session.maxAge"))
store.SetMaxLength(viper.GetInt("session.maxLength"))
store.SetKeyPrefix(viper.GetString("session.keyPrefix"))
req := c.Request().(*standard.Request)
session, err := store.Get(req.Request, viper.GetString("session.name"))
if err != nil {
panic(err)
}
c.Set("session", session)

        err = next(c)

        if session.IsNew || c.Get("sessionModified") != nil {
            values := map[string]interface{}{}
            for k, v := range session.Values {
                values[k.(string)] = v
            }
            log.WithFields(log.Fields{
                "id":     session.ID,
                "isNew":  session.IsNew,
                "values": values,
            }).Debug("save session")
            rsp := c.Response().(*standard.Response)
            if err := session.Save(req.Request, rsp.ResponseWriter); err != nil {
                log.Error(err)
            }
        }

        return err
    }
}

}

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#23 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AABIcLlzL2nzjqBjOnUW81N2izj-l5TDks5qpqStgaJpZM4J7oRd
.

from redistore.

That's right, but it's still no need to refresh cookie every time when saving to redis. Only do this when cookie changed, including value, expire time, path, etc.

And it's better performance if store can detect session changing to decide whether save to redis or write cookie, not in application.

from redistore.

Of course, but I would argue that use-case—constantly updating the
cookie—is much rarer. Users have also come to rely on the existing
behavior.

You are welcome to submit a PR that (without breaking existing behavior)
can achieve this.
On Tue, Sep 13, 2016 at 5:57 PM Jagger Wang [email protected]
wrote:

That's right, but it's still no need to refresh cookie every time when
saving to redis. Only do this when cookie changed, including value, expire
time, path, etc.

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#23 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AABIcIEiR6hOM59fSSUl1paEL-EX8YOYks5qp0ZdgaJpZM4J7oRd
.

from redistore.

Marking this as closed.

from redistore.