Renewing sessions #22
Comments
|
The mechanism I came up with for renewing sessions is to call AuthenticateSession() from my LoginRequired() function; i.e. no change needed to martini-contrib. func SessionUser(newUser func() User) martini.Handler {
return func(s sessions.Session, c martini.Context, l *log.Logger) {
userId := s.Get(SessionKey)
user := newUser()
if userId != nil {
err := user.GetById(userId)
if err != nil {
l.Printf("Login Error: %v\n", err)
} else if !s.IsNew() {
user.Login()
}
... |
|
It's been too long since I've looked at this to be a good judge. But if it's a security concern then we should certainly merge it. Could you send in a PR? Thanks!! |
|
Note, the change in sessionauth requires the change in sessions. |
|
Unfortunately the automated checks are failing for something unrelated to my changes. |
It is typical for a session token to be renewed on every API call.
What strategy would we use to do this with the sessionauth package?
It looks to me like the SessionUser() function that is inserted into the flow could do this whenever a user is successfully matched by calling Save() on the martini-contrib session.
Any thoughts?
The text was updated successfully, but these errors were encountered: