How to recover from corrupt session data? (or how to Destroy without loading the session) about scs HOT 2 CLOSED

Kudos for the thoughtful issue description 👍

If this is a one-off issue, I would suggest writing a standalone script which connects to your DB, identifies the corrupted entries, and deletes them. This below is untested code, but I think it should work. Assuming you're using the postgres store and the standard GobCodec to encode the data:

store := postgresstore.New(db)

allSessions, err := store.All()
if err != nil {
	// Handle error
}

for token, b := range allSessions {
	_, _, err := scs.GobCodec.Decode(b)
	if err != nil {
		if err == "whatever error you are getting from decoding the corrupted data"
				err := store.Delete(token)
				if err != nil {
					// Handle error
				}
		else {
			// Handle error
		}
	}
}

If it isn't a one-off, then I suggest fixing the actual issue and taking steps to prevent your production DB data from being corrupted.

If it's outside of your control to fix that, then the custom ErrorFunc seems like a reasonable approach. You can probably make it a bit more robust by changing "session" for sessionManager.SessionCookie.Name and by checking that the value of err passed to errorFunc is specifically the corruption error before you delete the session from the DB and redirect the user. I don't think that you need the http.SetCookie(...) line --- after the redirect the next HTTP request will send the cookie again but this time it won't be found in the DB by LoadAndSave and a new session will be created that will overwrite the old session cookie.

from scs.

Thank you @alexedwards for the valuable suggestions, I'll apply those in our custom ErrorFunc.

My concern was that in such cases, regardless of the origin, it would be hard to detect the problem, and for an end user the only solution would be to clear the cookie manually in the browser. So I believe the custom ErrorFunc that deals with this is a must, although this is indeed a rare condition.

from scs.