When using Gorilla sessions, session variables are not being maintained across requests. The app directs users to the login page despite successful login and session variable storage.
1. Correct Path Configuration:
The session cookie is not sent on other paths because the Path option is set to "/loginSession". Change it to "/" so the session is accessible throughout the application.
2. Session Value Validation:
Do not compare session.Values["email"] to nil. Instead, type assert the value to a string and check if it's empty using val == "".
3. Error Handling:
Ensure errors are handled when saving sessions using err := sessionNew.Save(req, res).
4. Session Validation in SessionHandler:
Validate the session before serving static files in SessionHandler. Redirect users to login if the email session value is not present.
Code Fixes:
Init Function:
<code class="go">func init() {
	store.Options = &sessions.Options{
		Domain:   "localhost",
		Path:     "/", // send the session cookie on every path
		MaxAge:   3600 * 8, // 8 hours
		HttpOnly: true,
	}
}</code>
SessionHandler:
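<code class="go">func SessionHandler(res http.ResponseWriter, req *http.Request) {
	session, err := store.Get(req, "loginSession")
	if err != nil {
		// Stop here instead of continuing with an unusable session.
		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	// A missing key yields nil, not "", so type-assert before checking for empty.
	email, ok := session.Values["email"].(string)
	if !ok || email == "" {
		http.Redirect(res, req, "html/login.html", http.StatusFound)
		return
	}
	http.Redirect(res, req, "html/home.html", http.StatusFound)
}</code>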
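The Path scoping from point 1 and the nil-versus-empty check from point 2 can be reproduced with the standard library alone. This is an added example, not code from the original page: `cookieSent` and `emailFrom` are hypothetical helpers, the cookie value is a constructed sample, and `net/http/cookiejar` stands in for the browser.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// cookieSent reports whether a client that stored a "loginSession" cookie
// scoped to cookiePath sends it back on a request to requestPath.
// Hypothetical helper; cookiejar stands in for the browser.
func cookieSent(cookiePath, requestPath string) bool {
	jar, err := cookiejar.New(nil)
	if err != nil {
		panic(err)
	}
	login := &url.URL{Scheme: "http", Host: "localhost", Path: "/login"}
	jar.SetCookies(login, []*http.Cookie{{
		Name: "loginSession", Value: "constructed-sample", // not a real session
		Path: cookiePath, HttpOnly: true,
	}})
	target := &url.URL{Scheme: "http", Host: "localhost", Path: requestPath}
	for _, c := range jar.Cookies(target) {
		if c.Name == "loginSession" {
			return true
		}
	}
	return false
}

// emailFrom applies the type-assertion check to a map of the same type as
// session.Values. A missing key is nil, and nil == "" is false, so comparing
// against "" alone would treat a missing email as logged in.
func emailFrom(values map[interface{}]interface{}) (string, bool) {
	email, ok := values["email"].(string)
	return email, ok && email != ""
}

func main() {
	for _, p := range []string{"/loginSession", "/"} {
		fmt.Printf("Path=%q -> cookie sent to /html/home.html: %v\n",
			p, cookieSent(p, "/html/home.html"))
	}
	_, ok := emailFrom(map[interface{}]interface{}{})
	fmt.Println("missing email accepted:", ok)
}
```

With Path "/loginSession" the cookie never reaches the handler for any other route, so every request there starts with an empty session.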
Security Recommendations:
Additionally, it's crucial to use bcrypt for password hashing and parameterize SQL queries to avoid potential vulnerabilities.