// SetUser attaches user to the session when no user has been attached yet and
// marks the session as changed. A nil user is stored as-is and still marks the
// session as changed.
//
// It returns a framework error with code Error_Web_SessionAlreadyHasUser when
// the session already carries a user; the existing user is left untouched.
//
// NOTE(review): nothing in this method issues a new session id when a user is
// attached. Confirm that the login path rotates the id, so that an id handed
// out before authentication is not carried over into the authenticated session.
func (this *webSession) SetUser(user *framework.SessionUser) error {
	// Guard first: a session is bound to at most one user for its lifetime.
	if this.user != nil {
		return framework.NewError(framework.Error_Web_SessionAlreadyHasUser, "session already has user")
	}

	this.user = user
	this.changedIf(true)
	return nil
}
// setId stores the internal session id and the public id on the session and
// marks it as changed. It only succeeds while IsNew() reports true.
//
// It returns a framework error with code Error_Web_SessionAlreadyHasId
// otherwise, leaving both identifiers unchanged.
func (this *webSession) setId(sessionId string, publicId string) error {
	// Identifiers are write-once: refuse to overwrite them on a session that
	// is no longer new.
	if !this.IsNew() {
		return framework.NewError(framework.Error_Web_SessionAlreadyHasId, "session already has id")
	}

	this.id = sessionId
	this.publicId = publicId
	this.changedIf(true)
	return nil
}
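// tryLoadSession resolves a client-supplied public id to a stored session.
//
// publicId is expected in the form "<signature>#<encrypted>". The signature is
// checked over the encrypted part with the configured signing key before the
// encrypted part is decrypted with the configured encryption key; the
// decrypted value is the internal session id used to query the session
// service.
//
// Errors:
//   - Error_Web_SessionTampered when the separator is missing or the signature
//     does not verify (the same message is used for both, so the caller cannot
//     tell which check failed);
//   - the error returned by sessionService.Get, unchanged;
//   - Error_Web_SessionNotFound when the service returns no session info.
func (this *webSessionManager) tryLoadSession(ctx *webContext, publicId string) (*webSession, error) {
	securityConfig := this.config.Security

	separator := strings.Index(publicId, "#")
	if separator < 0 {
		return nil, framework.NewError(framework.Error_Web_SessionTampered, "session signature mismatch")
	}
	signature := publicId[:separator]
	encrypted := publicId[separator+1:]

	// Verify before decrypting so that unauthenticated input never reaches
	// the decryption routine.
	// NOTE(review): VerifySignature is assumed to compare in constant time;
	// confirm in framework.Security.
	if !framework.Security.VerifySignature(signature, encrypted, securityConfig.RawSignKey) {
		return nil, framework.NewError(framework.Error_Web_SessionTampered, "session signature mismatch")
	}

	// NOTE(review): Decrypt exposes no error at this call site; confirm how it
	// reports a failed decryption and that sessionService.Get handles that
	// value safely.
	sessionId := framework.Security.Decrypt(encrypted, securityConfig.RawEncryptionKey)

	// The lookup can fail or come back empty, e.g. if the session has expired.
	info, err := this.sessionService.Get(sessionId)
	if err != nil {
		return nil, err
	}
	if info == nil {
		return nil, framework.NewError(framework.Error_Web_SessionNotFound, "Session not found")
	}

	// Do not write session identifiers to the log: publicId is the signed
	// token this function accepts to load a session, and sessionId is the
	// decrypted internal id, so either value in log output would be usable by
	// anyone with read access to the logs.
	fmt.Println("Loading session")

	session := this.loadSession(ctx, publicId, info)
	return session, nil
}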