summaryrefslogtreecommitdiff
path: root/vendor/github.com/gorilla/sessions/store.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/gorilla/sessions/store.go')
-rw-r--r--vendor/github.com/gorilla/sessions/store.go15
1 files changed, 7 insertions, 8 deletions
diff --git a/vendor/github.com/gorilla/sessions/store.go b/vendor/github.com/gorilla/sessions/store.go
index bb7f9647d..aea37e4b5 100644
--- a/vendor/github.com/gorilla/sessions/store.go
+++ b/vendor/github.com/gorilla/sessions/store.go
@@ -6,11 +6,9 @@ package sessions
import (
"encoding/base32"
- "io/ioutil"
"net/http"
"os"
"path/filepath"
- "strings"
"sync"
"github.com/gorilla/securecookie"
@@ -201,6 +199,8 @@ func (s *FilesystemStore) New(r *http.Request, name string) (*Session, error) {
return session, err
}
+var base32RawStdEncoding = base32.StdEncoding.WithPadding(base32.NoPadding)
+
// Save adds a single session to the response.
//
// If the Options.MaxAge of the session is <= 0 then the session file will be
@@ -211,7 +211,7 @@ func (s *FilesystemStore) Save(r *http.Request, w http.ResponseWriter,
session *Session) error {
// Delete if max-age is <= 0
if session.Options.MaxAge <= 0 {
- if err := s.erase(session); err != nil {
+ if err := s.erase(session); err != nil && !os.IsNotExist(err) {
return err
}
http.SetCookie(w, NewCookie(session.Name(), "", session.Options))
@@ -221,9 +221,8 @@ func (s *FilesystemStore) Save(r *http.Request, w http.ResponseWriter,
if session.ID == "" {
// Because the ID is used in the filename, encode it to
// use alphanumeric characters only.
- session.ID = strings.TrimRight(
- base32.StdEncoding.EncodeToString(
- securecookie.GenerateRandomKey(32)), "=")
+ session.ID = base32RawStdEncoding.EncodeToString(
+ securecookie.GenerateRandomKey(32))
}
if err := s.save(session); err != nil {
return err
@@ -261,7 +260,7 @@ func (s *FilesystemStore) save(session *Session) error {
filename := filepath.Join(s.path, "session_"+session.ID)
fileMutex.Lock()
defer fileMutex.Unlock()
- return ioutil.WriteFile(filename, []byte(encoded), 0600)
+ return os.WriteFile(filename, []byte(encoded), 0600)
}
// load reads a file and decodes its content into session.Values.
@@ -269,7 +268,7 @@ func (s *FilesystemStore) load(session *Session) error {
filename := filepath.Join(s.path, "session_"+session.ID)
fileMutex.RLock()
defer fileMutex.RUnlock()
- fdata, err := ioutil.ReadFile(filename)
+ fdata, err := os.ReadFile(filepath.Clean(filename))
if err != nil {
return err
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-03 22:51:06 +0000