fix bug of invalid session

pkg/middleware/stored_session.go

@@ -105,6 +105,10 @@ func (s *StoredSessionLoader) loadSession(next http.Handler) http.Handler {
 				resumeFlag := args[0].(bool)
 				validateSessionCallback := func(args ...interface{}) {
 					resumeFlag := args[0].(bool)
+					sessionValid := args[1].(bool)
+					if !sessionValid {
+						session = nil
+					}
 					scope.Session = session
 					next.ServeHTTP(rw, req)
 					if resumeFlag {
@@ -115,14 +119,11 @@ func (s *StoredSessionLoader) loadSession(next http.Handler) http.Handler {
 				}
 				if session != nil {
 					err, isAsync := s.validateSession(req.Context(), session, validateSessionCallback)
-					if err != nil {
-						session = nil
-					}
 					if !isAsync {
-						validateSessionCallback(resumeFlag)
+						validateSessionCallback(resumeFlag, err == nil)
 					}
 				} else {
-					validateSessionCallback(resumeFlag)
+					validateSessionCallback(resumeFlag, true)
 				}
 			}
 			keysNeedsUpdate := (session != nil) && (s.NeedsVerifier)

providers/internal_util.go

@@ -2,7 +2,6 @@ package providers
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 	"net/url"
 
@@ -70,9 +69,10 @@ func validateToken(ctx context.Context, p Provider, accessToken string, header h
 	client.Get(endpoint, headerArray, func(statusCode int, responseHeaders http.Header, responseBody []byte) {
 		util.Logger.Debugf("%d GET %s %s", statusCode, stripToken(endpoint), responseBody)
 		if statusCode == 200 {
-			callback(true)
+			callback(true, true)
 		} else {
-			util.SendError(fmt.Sprintf("token validation request failed: status %d - %s", statusCode, responseBody), nil, http.StatusInternalServerError)
+			util.Logger.Errorf("token validation request failed: status %d - %s", statusCode, responseBody)
+			callback(false, false)
 		}
 	}, timeout)
 	return true, true