Example #1
// getCSRF looks up the CSRF token kept in session.Values under csrfToken.
//
// When the key is present and holds a []byte, that value is returned with
// ok == true. Otherwise (key missing, or stored under a different type) a
// token is generated with tokens.NewCSRFToken(session.ID) and returned with
// ok == false.
//
// A generated token is NOT written back into session.Values here, so a
// caller that receives ok == false has to store and save it, or the next
// lookup will produce yet another token. A stored empty []byte is returned
// unchanged with ok == true; code comparing tokens should reject empty
// values rather than rely on this function to do so.
func getCSRF(session *sessions.Session) (csrf []byte, ok bool) {
	if stored, present := session.Values[csrfToken]; present {
		// Only a []byte counts as a usable token; any other type is
		// treated the same as a missing entry.
		if token, isBytes := stored.([]byte); isBytes {
			return token, true
		}
	}
	return tokens.NewCSRFToken(session.ID), false
}
Example #2
// createSession builds the server-side record for session, persists it, and
// saves the session so the user's cookie is set on w.
//
// An empty session.ID is replaced with tokens.NewSessionID(); a non-empty ID
// is reused unchanged. The returned ServerSession carries a CSRF token
// created by tokens.NewCSRFToken for that ID.
//
// If either ss.StoreSession or session.Save fails, the session is removed
// with RemoveSession and the error is passed to glog.Fatalln.
//
// NOTE(review): glog.Fatalln logs and then exits the process, so a storage
// or cookie-encoding failure on a single request stops the whole server.
// Confirm this is intended; returning the error to the handler would limit
// the failure to one request.
//
// NOTE(review): because an existing session.ID is kept, confirm that callers
// do not pass a pre-authentication session here when a privilege change
// (e.g. login) should be paired with a new ID.
func createSession(w http.ResponseWriter, r *http.Request, session *sessions.Session) *ServerSession {
	// A session cannot be saved without an ID, so assign one when missing.
	if len(session.ID) == 0 {
		session.ID = tokens.NewSessionID()
	}

	ss := new(ServerSession)
	ss.CSRFToken = tokens.NewCSRFToken(session.ID)

	// abort discards whatever was stored for this session and then hands the
	// error to glog.Fatalln. session.ID is read at call time on purpose.
	abort := func(cause error) {
		RemoveSession(session.ID)
		glog.Fatalln(cause)
	}

	// Persist the server-side record first.
	err := ss.StoreSession(session.ID)
	if err != nil {
		abort(err)
	}

	// Then save the session to the FS storage and set the user's cookie.
	err = session.Save(r, w)
	if err != nil {
		abort(err)
	}

	return ss
}