All geek questions in one place

Go and gorillas in Internet Explorer

I am making a simple web application using Go, gorilla for sessions and routing and mustache for templates. I have a problem with the login associated with, I believe, the problem of accepting IE cookie. The problem only occurs in Internet Explorer, but otherwise the login works fine in Chrome. Here is my code:

func main() { r := mux.NewRouter() r.HandleFunc("/performance", Index) r.HandleFunc("/performance/login", Login) log.Fatal(http.ListenAndServe(":5901", r)) } func Index(w http.ResponseWriter, r *http.Request) { session, _ := store.Get(r, "performance") if session.Values["username"] == nil { http.Redirect(w, r, "/performance/login", http.StatusSeeOther) } dict := session.Values fmt.Fprintf(w, mustache.RenderFileInLayout("templates/index.html", "templates/basepage.html", dict)) } func Login(w http.ResponseWriter, r *http.Request) { if r.Method == "POST" { results := 0 r.ParseForm() u := r.FormValue("username") pass := r.FormValue("password") p := PassEncrypt(pass) q := map[string]string{} rows, err := db.Query("SELECT username, name, title FROM user WHERE (username=$1) AND (password=$2)", u, p) if err != nil { log.Fatal(err) } for rows.Next() { var username string var name string var title string if err := rows.Scan(&username, &name, &title); err != nil { log.Fatal(err) } q["username"] = username q["name"] = name q["title"] = title results++ } if results > 0 { session, _ := store.Get(r, "performance") session.Options = &sessions.Options{ MaxAge: 900, } session.Values["username"] = q["username"] session.Values["name"] = q["name"] session.Values["title"] = q["title"] session.Save(r, w) http.Redirect(w, r, "/performance", http.StatusSeeOther) } else { http.Redirect(w, r, "/performance/login", http.StatusSeeOther) } } else { fmt.Fprintf(w, mustache.RenderFileInLayout("templates/login.html", "templates/basepage.html", nil)) } }

When logging in using IE, the user is redirected back to the login page, because the value of the "username" session is zero, and in Chrome the username is correctly defined and the index page is displayed. For some reason, IE does not accept cookies, but I changed all the settings in IE to allow cookies from any site. Do I need to change one of the cookie settings or add something to the cookie other than "MaxAge" for IE in order to accept it? Thanks in advance.

+4
source share
2 answers

You probably need to determine the path to the cookie in your settings. The following struct functions should do the trick:

 session.Options = &sessions.Options{ Path: "/performance", }

This option limits the availability of cookies for this path, use "/" for the entire page.

Note that the max-age parameter is not supported by IE :

[...] Internet Explorer (including IE8) does not attempt to support any kind of RFC for cookies. WinINET (the network stitch below IE) has a cookie implementation based on the RFC Netscape preliminary code specification for cookies. This means that any version of Internet Explorer does not support directives such as max-age, cookie versions, etc.

By the way, you don't need MaxAge for session cookies (from IE cookie guide ):

 (expires=date;) If you set no expiration date on a cookie, it expires when the browser closes. If you set an expiration date, the cookie is saved across browser sessions. If you set an expiration date in the past, the cookie is deleted. Use Greenwich Mean Time (GMT) format to specify the date.

This is a must have for all major browsers.

+3
source

I had a similar problem when logout did not work on IE9 using Gorilla sessions (although the login worked fine).

In the end, I found that IE caches responses to my API endpoints and sends cached (304 NOT MODIFIED) responses to the client, although the cookie values ​​change.

Forcing API endpoints to cache resolves the issue:

 w.Header().Set("Expires", "Tue, 03 Jul 2001 06:00 GMT") w.Header().Set("Last-Modified", "{now} GMT") w.Header().Set("Cache-Control", "max-age=0, no-cache, must-revalidate, proxy-revalidate")
+1
source

Source: https://habr.com/ru/post/1485687/

More articles:


All Articles