heimoshuiyu/gonic
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

delete user session instead of username when logging out

Browse Source
This commit is contained in:
sentriz
2019-04-25 14:41:16 +01:00
parent 2d7e2e379b
commit 60f1e7f192
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
handler/admin.go
View File

@@ -43,7 +43,7 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value("session").(*sessions.Session)
delete(session.Values, "user")
session.Options.MaxAge = -1
session.Save(r, w)
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
}

2
handler/middleware.go
View File

@@ -121,7 +121,7 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
return
}
// take username from sesion and add the user row
// take username from sesion and add the user row to the context
user := c.GetUserFromName(username)
if user.ID == 0 {
// the username in the client's session no longer relates to a