Comments (2)
Kudos for the thoughtful issue description 👍
If this is a one-off issue, I would suggest writing a standalone script which connects to your DB, identifies the corrupted entries, and deletes them. This below is untested code, but I think it should work. Assuming you're using the postgres store and the standard GobCodec to encode the data:
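	// Needs github.com/alexedwards/scs/v2 and github.com/alexedwards/scs/postgresstore.
	store := postgresstore.New(db)
	allSessions, err := store.All()
	if err != nil {
		// Handle error
	}
	for token, b := range allSessions {
		// Decode is a method on a GobCodec value, so call it on GobCodec{}.
		_, _, err := scs.GobCodec{}.Decode(b)
		if err != nil {
			// Only delete entries that fail with the corruption error.
			if err.Error() == "whatever error you are getting from decoding the corrupted data" {
				err := store.Delete(token)
				if err != nil {
					// Handle error
				}
			} else {
				// Handle error
			}
		}
	}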
If it isn't a one-off, then I suggest fixing the actual issue and taking steps to prevent your production DB data from being corrupted.
If it's outside of your control to fix that, then the custom ErrorFunc seems like a reasonable approach. You can probably make it a bit more robust by changing "session" for sessionManager.SessionCookie.Name and by checking that the value of err passed to errorFunc is specifically the corruption error before you delete the session from the DB and redirect the user. I don't think that you need the http.SetCookie(...) line - after the redirect the next HTTP request will send the cookie again but this time it won't be found in the DB by LoadAndSave and a new session will be created that will overwrite the old session cookie.
from scs.
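The ErrorFunc hardening suggested in the comment above, as an added example that is not part of the original thread or the scs code base. It uses only the standard library: memStore, sessionBlob, handle, sampleStore, the cookie name "session" and the fixed redirect target "/" are all assumptions, and corruption is confirmed by re-decoding the stored blob rather than by matching the text of err.

```go
package main

import (
	"bytes"
	"encoding/gob"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

type memStore map[string][]byte // hypothetical in-memory stand-in for the session store

// sessionBlob is an assumed deadline-plus-values shape for a gob-encoded session.
type sessionBlob struct{ Deadline time.Time; Values map[string]interface{} }

// corruptSessionErrorFunc deletes and redirects only when the stored blob fails to decode.
func corruptSessionErrorFunc(store memStore, cookieName string) func(http.ResponseWriter, *http.Request, error) {
	return func(w http.ResponseWriter, r *http.Request, _ error) {
		if c, cerr := r.Cookie(cookieName); cerr == nil {
			var s sessionBlob
			if b, ok := store[c.Value]; ok && gob.NewDecoder(bytes.NewReader(b)).Decode(&s) != nil {
				delete(store, c.Value) // the next request finds no row and gets a fresh session
				http.Redirect(w, r, "/", http.StatusSeeOther) // fixed target, not request-derived
				return
			}
		}
		// Any other failure (DB down, unknown token, no cookie) must not delete anything.
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}
}

// handle runs the ErrorFunc for a request carrying token and returns the response status.
func handle(store memStore, token string) int {
	r := httptest.NewRequest(http.MethodGet, "/account", nil)
	r.AddCookie(&http.Cookie{Name: "session", Value: token})
	w := httptest.NewRecorder()
	corruptSessionErrorFunc(store, "session")(w, r, fmt.Errorf("constructed load error"))
	return w.Code
}

// sampleStore returns constructed data: one valid gob session and one corrupted blob.
func sampleStore() memStore {
	var good bytes.Buffer
	gob.NewEncoder(&good).Encode(sessionBlob{time.Now().Add(time.Hour), map[string]interface{}{"userID": 42}})
	return memStore{"good": good.Bytes(), "bad": []byte("constructed corrupt bytes")}
}

func main() {
	fmt.Println(handle(sampleStore(), "bad"), handle(sampleStore(), "good"))
}
```

With a real store the same check would go through the store's own lookup, decode and delete calls, and the handler would be assigned to the session manager's ErrorFunc.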
Thank you @alexedwards for the valuable suggestions, I'll apply those in our custom ErrorFunc.
My concern was that in such cases, regardless of the origin, it would be hard to detect the problem, and for an end user the only solution would be to clear the cookie manually in the browser. So I believe the custom ErrorFunc that deals with this is a must, although this is indeed a rare condition.