Example #1
1
/*
	получить актуальную сессию
*/
func Get(w http.ResponseWriter, r *http.Request) *Session {
	var (
		err    error
		cookie *http.Cookie
		ses    *Session
		ok     bool
		ses_id string
	)

	cookie, err = r.Cookie(sid)
	if err != nil {
		ses_id, ses = registry.new()

		cookie = &http.Cookie{Name: sid, Value: ses_id, Path: "/", HttpOnly: true, MaxAge: int(maxlifetime.Seconds())}
		http.SetCookie(w, cookie)

		return ses
	}

	ses, ok = registry.get(cookie.Value)
	if !ok {
		ses = registry.create(cookie.Value)

		cookie.MaxAge = int(maxlifetime.Seconds())
		cookie.Path = "/"
		http.SetCookie(w, cookie)

		return ses
	}

	cookie.MaxAge = int(maxlifetime.Seconds())
	http.SetCookie(w, cookie)

	return ses
}
Example #2
1
func LogoutHandler(c *gin.Context) {
	var userCookie http.Cookie
	userCookie.Name = "user"
	userCookie.MaxAge = -1
	http.SetCookie(c.Writer, &userCookie)
	c.Redirect(http.StatusMovedPermanently, "/")
}
Example #3
1
// AddSignedCookie adds the specified cookie to the response and also adds an
// additional 'signed' cookie that is used to validate the cookies value when
// SignedCookie is called.
func (c *Context) AddSignedCookie(cookie *http.Cookie) (*http.Cookie, error) {

	// make the signed cookie
	signedCookie := new(http.Cookie)

	// copy the cookie settings
	signedCookie.Path = cookie.Path
	signedCookie.Domain = cookie.Domain
	signedCookie.RawExpires = cookie.RawExpires
	signedCookie.Expires = cookie.Expires
	signedCookie.MaxAge = cookie.MaxAge
	signedCookie.Secure = cookie.Secure
	signedCookie.HttpOnly = cookie.HttpOnly
	signedCookie.Raw = cookie.Raw

	// set the signed cookie specifics
	signedCookie.Name = toSignedCookieName(cookie.Name)
	signedCookie.Value = Hash(cookie.Value)

	// add the cookies
	http.SetCookie(c.ResponseWriter, cookie)
	http.SetCookie(c.ResponseWriter, signedCookie)

	// return the new signed cookie (and no error)
	return signedCookie, nil

}
Example #4
1
/**
 * クッキーを作成する
 * @function
 * @param {string} name クッキーの名前
 * @param {string} value クッキーの値
 * @param {string} domain 有効ドメイン
 * @param {string} path 有効ディレクトリ
 * @param {int} hour 有効期限(時間)
 */
func NewCookie(name string, value string, domain string, path string, hour int) *http.Cookie {
	duration := time.Hour * time.Duration(hour)
	now := time.Now()
	expire := now.Add(duration)

	cookie := new(http.Cookie)
	cookie.Name = name
	cookie.Value = value
	cookie.Domain = domain
	cookie.Path = path
	cookie.Expires = expire
	cookie.RawExpires = expire.Format(time.UnixDate)
	cookie.MaxAge = 60 * 60 * hour
	cookie.Secure = false
	cookie.HttpOnly = true
	cookie.Raw = fmt.Sprintf("%s=%s", cookie.Name, cookie.Value)
	cookie.Unparsed = []string{cookie.Raw}

	return cookie
}
Example #5
0
// parse parses a Set-Cookie header into a cookie.
// It supports space in name unlike net/http.
// Returns nil if invalid.
func parse(s string) *http.Cookie {
	var c http.Cookie
	for i, field := range strings.Split(s, ";") {
		if len(field) == 0 {
			continue
		}
		nv := strings.SplitN(field, "=", 2)
		name := strings.TrimSpace(nv[0])
		value := ""
		if len(nv) > 1 {
			value = strings.TrimSpace(nv[1])
		}
		if i == 0 {
			if len(nv) != 2 {
				continue
			}
			c.Name = name
			c.Value = value
			continue
		}
		switch strings.ToLower(name) {
		case "secure":
			c.Secure = true
		case "httponly":
			c.HttpOnly = true
		case "domain":
			c.Domain = value
		case "max-age":
			secs, err := strconv.Atoi(value)
			if err != nil || secs != 0 && value[0] == '0' {
				continue
			}
			if secs <= 0 {
				c.MaxAge = -1
			} else {
				c.MaxAge = secs
			}
		case "expires":
			exptime, err := time.Parse(time.RFC1123, value)
			if err != nil {
				exptime, err = time.Parse("Mon, 02-Jan-2006 15:04:05 MST", value)
				if err != nil {
					c.Expires = time.Time{}
					continue
				}
			}
			c.Expires = exptime.UTC()
		case "path":
			c.Path = value
		}
	}
	if c.Name == "" {
		return nil
	}
	return &c
}
Example #6
0
File: ctx.go Project: elago/ela
// set cookie
// args: name, value, max age, path, domain, secure, http only, expires
func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
	cookie := http.Cookie{}
	cookie.Name = name
	cookie.Value = url.QueryEscape(value)

	if len(others) > 0 {
		switch v := others[0].(type) {
		case int:
			cookie.MaxAge = v
		case int64:
			cookie.MaxAge = int(v)
		case int32:
			cookie.MaxAge = int(v)
		}
	}

	cookie.Path = "/"
	if len(others) > 1 {
		if v, ok := others[1].(string); ok && len(v) > 0 {
			cookie.Path = v
		}
	}

	if len(others) > 2 {
		if v, ok := others[2].(string); ok && len(v) > 0 {
			cookie.Domain = v
		}
	}

	if len(others) > 3 {
		switch v := others[3].(type) {
		case bool:
			cookie.Secure = v
		default:
			if others[3] != nil {
				cookie.Secure = true
			}
		}
	}

	if len(others) > 4 {
		if v, ok := others[4].(bool); ok && v {
			cookie.HttpOnly = true
		}
	}

	if len(others) > 5 {
		if v, ok := others[5].(time.Time); ok {
			cookie.Expires = v
			cookie.RawExpires = v.Format(time.UnixDate)
		}
	}

	ctx.w.Header().Add("Set-Cookie", cookie.String())
}
Example #7
0
func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
	cookie := http.Cookie{}
	cookie.Name = name
	cookie.Value = value

	if len(others) > 0 {
		switch v := others[0].(type) {
		case int:
			cookie.MaxAge = v
		case int64:
			cookie.MaxAge = int(v)
		case int32:
			cookie.MaxAge = int(v)
		}
	}

	// default "/"
	if len(others) > 1 {
		if v, ok := others[1].(string); ok && len(v) > 0 {
			cookie.Path = v
		}
	} else {
		cookie.Path = "/"
	}

	// default empty
	if len(others) > 2 {
		if v, ok := others[2].(string); ok && len(v) > 0 {
			cookie.Domain = v
		}
	}

	// default empty
	if len(others) > 3 {
		switch v := others[3].(type) {
		case bool:
			cookie.Secure = v
		default:
			if others[3] != nil {
				cookie.Secure = true
			}
		}
	}

	// default false. for session cookie default true
	if len(others) > 4 {
		if v, ok := others[4].(bool); ok && v {
			cookie.HttpOnly = true
		}
	}

	ctx.Res.Header().Add("Set-Cookie", cookie.String())
}
Example #8
0
func (res *Response) SetCookie(name string, value string, others ...interface{}) {
	cookie := http.Cookie{}
	cookie.Name = name
	cookie.Value = url.QueryEscape(value)

	if len(others) > 0 {
		switch v := others[0].(type) {
		case int:
			cookie.MaxAge = v
		case int64:
			cookie.MaxAge = int(v)
		case int32:
			cookie.MaxAge = int(v)
		}
	}

	cookie.Path = "/"
	if len(others) > 1 {
		if v, ok := others[1].(string); ok && len(v) > 0 {
			cookie.Path = v
		}
	}

	if len(others) > 2 {
		if v, ok := others[2].(string); ok && len(v) > 0 {
			cookie.Domain = v
		}
	}

	if len(others) > 3 {
		switch v := others[3].(type) {
		case bool:
			cookie.Secure = v
		default:
			if others[3] != nil {
				cookie.Secure = true
			}
		}
	}

	if len(others) > 4 {
		if v, ok := others[4].(bool); ok && v {
			cookie.HttpOnly = true
		}
	}

	res.Header().Add("Set-Cookie", cookie.String())
}
Example #9
0
func removeSignedCookie(w http.ResponseWriter, cookie *http.Cookie) {
	cookie.MaxAge = -1
	var signCookie = *cookie
	signCookie.Name += sign_suffix
	http.SetCookie(w, cookie)
	http.SetCookie(w, &signCookie)
}
Example #10
0
func (ss signedCookieSessionHandler) writeToResponse(s SignedCookieSession, resp goanna.Response) {
	bytes, err := s.sessionData.Unmarshal()
	if err != nil {
		log.Println(err.Error())
	}

	cookie := http.Cookie{
		Name:     ss.CookieName,
		Value:    base64.URLEncoding.EncodeToString(bytes),
		HttpOnly: true,
		Secure:   ss.Secure,
		Path:     "/",
	}
	ss.CookieSigner.EncodeCookie(&cookie)

	maxage := int(s.MaxAge() / time.Second)
	if maxage != 0 {
		if s.preferExpires {
			cookie.Expires = time.Now().Add(s.MaxAge())
		} else {
			cookie.MaxAge = maxage
		}
	}
	resp.SetCookie(cookie)
}
Example #11
0
func Set(w http.ResponseWriter, s string) {
	secure, _ := strconv.ParseBool(config.Get("session_cookie_secure"))

	c := new(http.Cookie)
	c.Name = fmt.Sprintf("%s-flash", config.Get("session_cookie_name"))
	c.Path = config.Get("session_cookie_path")
	c.Value = base64.URLEncoding.EncodeToString([]byte(strings.TrimSpace(s)))
	if c.Value != "" {
		c.MaxAge = 0
	} else {
		c.MaxAge = -1
	}
	c.Secure = secure

	http.SetCookie(w, c)
	logger.Log(w, "SET-COOKIE", c.String())
}
Example #12
0
func (r *OkResponse) ClearCookie(name string) {
	c := http.Cookie{}
	c.Name = name
	c.Value = "none"
	c.MaxAge = -1
	c.Expires = time.Unix(1, 0)
	r.SetCookie(c)
}
Example #13
0
func commitSession(headers Headers, env Env, key, secret string, newValue string, options *CookieOptions) {
	cookie := new(http.Cookie)
	cookie.Name = key
	cookie.Value = newValue
	cookie.Path = options.Path
	cookie.Domain = options.Domain
	cookie.MaxAge = options.MaxAge
	cookie.Secure = options.Secure
	cookie.HttpOnly = options.HttpOnly
	headers.Add("Set-Cookie", cookie.String())
}
Example #14
0
func commitSession(headers Headers, env Env, key, secret string, options *CookieOptions) {
	cookie := new(http.Cookie)
	cookie.Name = key
	cookie.Value = encodeCookie(env["mango.session"].(map[string]interface{}), secret)
	cookie.Path = options.Path
	cookie.Domain = options.Domain
	cookie.MaxAge = options.MaxAge
	cookie.Secure = options.Secure
	cookie.HttpOnly = options.HttpOnly
	headers.Add("Set-Cookie", cookie.String())
}
Example #15
0
// Constructs a new CSRFHandler that calls
// the specified handler if the CSRF check succeeds.
func New(handler http.Handler) *CSRFHandler {
	baseCookie := http.Cookie{}
	baseCookie.MaxAge = MaxAge

	csrf := &CSRFHandler{successHandler: handler,
		failureHandler: http.HandlerFunc(defaultFailureHandler),
		baseCookie:     baseCookie,
	}

	return csrf
}
Example #16
0
/*
   Set cookie "name" to "value", where "value" may be a string or interface
   converted to JSON. The "path" option defaults to "/".

   Set cookie `name` to `val`, with the given `options`.

   Options:

       - `maxAge`   max-age in milliseconds, converted to `expires`
       - `signed`   sign the cookie
       - `path`     defaults to "/"

   Examples:

       // "Remember Me" for 15 minutes
       res.Cookie("rememberme", "1", &httpCookie{ expires: new Date(Date.now() + 900000), httpOnly: true });

       // save as above
       res.Cookie("rememberme", "1", &httpCookie{ maxAge: 900000, httpOnly: true })
*/
func (this *Response) Cookie(n string, i interface{}, o ...*http.Cookie) {

	var cookie *http.Cookie

	/*
	   If we were given cookie options use them.
	*/

	if len(o) == 1 {
		cookie = o[0]
	} else {
		cookie = &http.Cookie{}
	}

	/*
	   Convert the given interface to a string so it can be used as a cookie value.
	*/

	var v string
	switch i.(type) {
	default:
		b, e := json.Marshal(i)
		v = string(b)
		if e != nil {
			v = e.Error()
		}
	case string:
		v = i.(string)
	}

	cookie.Name = n
	cookie.Value = url.QueryEscape(Encode(v))

	if cookie.Path == "" {
		cookie.Path = "/"
	}

	if cookie.MaxAge == 0 {
		// max-age in milliseconds, converted to `expires`
		// TODO: Check the timing here.
		cookie.Expires = time.Now().UTC().Add(time.Duration(cookie.MaxAge) * (time.Millisecond * time.Microsecond))
		cookie.MaxAge = cookie.MaxAge / 1000
	}

	// cookie.Domain = ""
	// cookie.Secure = false
	// cookie.HttpOnly = false

	/*
	   Possible bug if headers are already sent.
	*/

	http.SetCookie(this.Writer, cookie)
}
Example #17
0
// createCookie 创建cookie
func (this *HttpProcessor) createCookie(name string, id string, expire int) *http.Cookie {
	var cookieValue = new(http.Cookie)
	cookieValue.Name = name
	cookieValue.Value = id
	cookieValue.Path = "/"
	cookieValue.HttpOnly = true
	if expire > 0 {
		cookieValue.MaxAge = expire
		cookieValue.Expires = time.Now().Add(time.Second * time.Duration(expire))
	}
	return cookieValue
}
Example #18
0
/*
Add the Session to the response

Basically this means setting a cookie
*/
func (sh *BaseSessionHolder) AddToResponse(c web.C, session *Session, w http.ResponseWriter) {
	cookie := http.Cookie{
		Name:     "sessionid",
		Value:    session.Id(),
		Path:     "/",
		HttpOnly: sh.HttpOnly,
		Secure:   sh.Secure,
	}
	if sh.PersistentCookie {
		cookie.MaxAge = sh.Timeout
	}
	http.SetCookie(w, &cookie)
}
Example #19
0
func (s *Session) Save(w http.ResponseWriter, keepalive bool) error {
	q := `
        UPDATE user_session SET
            valid_until = ?
            , modified_date = ?
        WHERE id = ?;
    `

	valid := int64(0)

	if keepalive {
		valid = time.Now().Unix() + SESSION_OFFSET
	}

	params := []interface{}{
		valid,
		time.Now().Unix(),
		s.Id,
	}

	_, err := dao.Exec(q, params)
	if err != nil {
		return err
	}

	expires := -1

	if keepalive {
		expires, _ = strconv.Atoi(config.Get("session_cookie_expires"))
	}

	secure, _ := strconv.ParseBool(config.Get("session_cookie_secure"))

	c := new(http.Cookie)
	c.Name = config.Get("session_cookie_name")
	if keepalive {
		c.Value = s.Key
	}
	c.Path = config.Get("session_cookie_path")
	c.MaxAge = expires
	c.Secure = secure

	http.SetCookie(w, c)
	logger.Log(w, "SET-COOKIE", c.String())
	return nil
}
Example #20
0
func logOutHandler(w http.ResponseWriter, r *http.Request, s string) {
	ctx := appengine.NewContext(r)
	url, err := user.LogoutURL(ctx, "/")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Deleting session cookie
	var cookie *http.Cookie
	cookie, err = r.Cookie(s)
	if err != http.ErrNoCookie {
		cookie.MaxAge = -1
		http.SetCookie(w, cookie)
	}
	//  CHANGE NECESSARY DB FIELDS OF USER !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
	http.Redirect(w, r, url, http.StatusFound)
}
Example #21
0
// sid="" for remove it now
func (this *Session) writeSession(res Response, sid string) {
	var toSet = http.Cookie{
		Name:     sid_cookie_key,
		Value:    sid,
		Path:     this.Path,
		Secure:   this.Secure,
		HttpOnly: this.HttpOnly,
	}
	if this.MaxAge > 0 {
		toSet.MaxAge = this.MaxAge
	}
	if sid == "" {
		removeSignedCookie(res.R(), &toSet)
		return
	}
	setSignedCookie(res.R(), &toSet, this.Secret)
}
Example #22
0
/*
   Clear cookie "name". The "path" option defaults to "/".
*/
func (this *Response) ClearCookie(n string, o ...*http.Cookie) {

	var opt *http.Cookie

	if len(o) == 1 {
		opt = o[0]
	} else {
		opt = &http.Cookie{}
	}

	opt.MaxAge = -1

	if opt.Path == "" {
		opt.Path = "/"
	}

	this.Cookie(n, "", opt)
}
Example #23
0
func PostLogin(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")

	username := r.FormValue("username")
	password := r.FormValue("password")

	if username == "" {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Empty username\n"))
		return
	}

	if password == "" {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Empty Password\n"))
		return
	}

	checkedPassword, _, _, err := dba.GetUser(username)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("No Such Username"))
		return
	}

	if checkedPassword != password {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Incorrect Password"))
		return
	}

	var cookie http.Cookie
	cookie.Name = "session"
	cookie.Value = sm.GenerateNewSessionId(username)
	cookie.Domain = ""
	cookie.Path = "/"
	cookie.MaxAge = 0

	http.SetCookie(w, &cookie)

	w.WriteHeader(http.StatusOK)
	w.Write([]byte(""))
}
Example #24
0
File: login.go Project: oldtree/One
func HandleLoginPost(c *gin.Context) {
	var userid string
	var cookieid string
	var cookie = new(http.Cookie)

	userid = c.Request.Header.Get("email")

	password := c.Request.Header.Get("password")
	if userid == "" {
		cookie, err := c.Request.Cookie("one")
		if err != nil {
			tools.Info(err.Error())
		}

		if cookie != nil {
			cookieid = cookie.Value
			tools.Info(cookieid)
		}

	}

	ser := new(Service.PersonalService)
	ser.ServerType = Service.PERSONAAL_LOGINLOGOUT_SERVICE_TYPE
	ser.ActionType = Service.PERSONAL_POST_ACTION
	ser.Params = make(map[string]interface{})
	ser.Params["userid"] = userid
	ser.Params["password"] = password
	ser.ProcessService()

	cookie.Name = "one"
	cookie.Value = userid
	cookie.MaxAge = 3600
	c.Request.AddCookie(cookie)
	if ser.Result["data"] != nil {
		tools.Info("user login success")
		c.Redirect(301, "/people/"+userid)
	} else {
		tools.Info("user login failed")
		c.JSON(200, ser.Result)
	}

}
Example #25
0
func (c *Cookie) Set(name, value string, second time.Duration) {

	cookie := http.Cookie{
		Name:     name,
		Value:    value,
		HttpOnly: true,
		Path:     "/",
		Domain:   c.r.URL.Host,
	}

	if second == 0 {
		cookie.MaxAge = 0
	} else {
		expire := time.Now().Add(second * time.Second)
		cookie.Expires = expire
	}

	http.SetCookie(c.w, &cookie)

}
Example #26
0
func defaultHandler(w http.ResponseWriter, r *http.Request, db *sql.DB) {
	cookieToken, err := r.Cookie("token")
	if err != nil {
		if err == http.ErrNoCookie {
			http.Redirect(w, r, "/auth", http.StatusSeeOther)
			return
		}
		internalServerError(w, err)
		return
	}

	token := auth.NewUserToken()
	err = token.FromString(cookieToken.Value)
	if err == nil {
		err = auth.CheckUserToken(db, token)
	}
	if err != nil {
		if _, ok := err.(auth.AuthError); ok {
			var c http.Cookie
			c.Name = "token"
			c.MaxAge = -1
			c.Secure = true
			c.HttpOnly = true

			http.SetCookie(w, &c)
			http.Redirect(w, r, "/", http.StatusSeeOther)
			return
		}
		internalServerError(w, err)
		return
	}

	if r.URL.Path != "/" {
		http.Redirect(w, r, "/", http.StatusSeeOther)
		return
	}

	chatHandler(w, r, db)
}
Example #27
0
// addCookie adds a cookie to the response. The cookie value is the base64
// encoding of the json encoding of data. If data is nil, then the cookie is
// deleted.
func addCookie(w http.ResponseWriter, name string, data interface{}, maxAge time.Duration) error {
	c := http.Cookie{
		Name:     name,
		Path:     "/",
		HttpOnly: true,
	}
	if data == nil {
		maxAge = -10000 * time.Second
	} else {
		var b bytes.Buffer
		if err := json.NewEncoder(&b).Encode(data); err != nil {
			return err
		}
		c.Value = base64.URLEncoding.EncodeToString(b.Bytes())
	}
	if maxAge != 0 {
		c.MaxAge = int(maxAge / time.Second)
		c.Expires = time.Now().Add(maxAge)
	}
	http.SetCookie(w, &c)
	return nil
}
Example #28
0
// SetUserCookie creates a secure cookie for the given username, indicating the
// user is authenticated.
func SetUserCookie(w http.ResponseWriter, r *http.Request, user string) {

	// cookie expires in 2 weeks
	exp := time.Now().Add(Config.CookieExp)

	// generate cookie valid for 24 hours for user
	value := authcookie.New(user, exp, Config.CookieSecret)

	cookie := http.Cookie{
		Name:   Config.CookieName,
		Value:  value,
		Path:   "/",
		Domain: r.URL.Host,
	}

	// if not a session cookie
	if Config.CookieMaxAge > 0 {
		cookie.Expires = exp
		cookie.MaxAge = Config.CookieMaxAge
	}

	http.SetCookie(w, &cookie)
}
Example #29
0
func TestAddSignedCookie(t *testing.T) {

	context := MakeTestContext()
	cookie := new(http.Cookie)
	cookie.Name = "userId"
	cookie.Value = "2468"
	cookie.Path = "/something"
	cookie.Domain = "domain"
	cookie.RawExpires = "NOW"
	cookie.Expires = time.Now()
	cookie.MaxAge = 123
	cookie.Secure = true
	cookie.HttpOnly = true
	cookie.Raw = "userId=2468;"

	signedCookie, err := context.AddSignedCookie(cookie)

	if err != nil {
		t.Errorf("AddSignedCookie shouldn't return an error: %s", err)
		return
	}

	assertEqual(t, signedCookie.Name, fmt.Sprintf("%s_signed", cookie.Name), "Cookie name")
	assertEqual(t, signedCookie.Value, Hash(cookie.Value), "Cookie value (signed)")

	// assert the rest of the values were also copied
	assertEqual(t, signedCookie.Path, cookie.Path, "Path")
	assertEqual(t, signedCookie.Domain, cookie.Domain, "Domain")
	assertEqual(t, signedCookie.RawExpires, cookie.RawExpires, "RawExpires")
	assertEqual(t, signedCookie.Expires, cookie.Expires, "Expires")
	assertEqual(t, signedCookie.MaxAge, cookie.MaxAge, "MaxAge")
	assertEqual(t, signedCookie.Secure, cookie.Secure, "Secure")
	assertEqual(t, signedCookie.HttpOnly, cookie.HttpOnly, "HttpOnly")
	assertEqual(t, signedCookie.Raw, cookie.Raw, "Raw")

}
Example #30
0
				resp, _ := x.ReadResponse()
				jsessionId := getCookie(proxy.StickyCookieKey, resp.Cookies())
				Expect(jsessionId).ToNot(BeNil())

				cookie := getCookie(proxy.VcapCookieId, resp.Cookies())
				Expect(cookie).ToNot(BeNil())
				Expect(cookie.Value).To(Equal("some-id"))
				Expect(cookie.Secure).To(BeFalse())
				Expect(cookie.MaxAge).To(BeZero())
				Expect(cookie.Expires).To(BeZero())
			})

			Context("when the JSESSIONID is expired", func() {
				BeforeEach(func() {
					jSessionIdCookie.MaxAge = -1
				})

				It("expires the VCAP_ID", func() {
					ln := registerHandlerWithInstanceId(r, "app", "", responseWithJSessionID, "my-id")
					defer ln.Close()

					x := dialProxy(proxyServer)
					req := test_util.NewRequest("GET", "app", "/", nil)
					x.WriteRequest(req)

					Eventually(done).Should(Receive())

					resp, _ := x.ReadResponse()
					jsessionId := getCookie(proxy.StickyCookieKey, resp.Cookies())
					Expect(jsessionId).ToNot(BeNil())