diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f1e2974..6494a1a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ Most recent version is listed first. +## v0.0.24 +- Set session cookie only if non-empty: https://github.com/komuw/ong/pull/170 + ## v0.0.23 - ong/client: Add log id http header: https://github.com/komuw/ong/pull/166 diff --git a/sess/sess.go b/sess/sess.go index 60ffad2c..eb363b26 100644 --- a/sess/sess.go +++ b/sess/sess.go @@ -117,20 +117,25 @@ func Save( mAge time.Duration, secretKey string, ) { - ctx := r.Context() - if vCtx := ctx.Value(ctxKey); vCtx != nil { - if s, ok := vCtx.(M); ok { - if value, err := json.Marshal(s); err == nil && value != nil { - cookie.SetEncrypted( - r, - w, - CookieName, - string(value), - domain, - mAge, - secretKey, - ) - } - } + savedSess := GetM(r) + if len(savedSess) <= 0 { + // If GetM returns a zero-length map, then we do not have to write any session. + return + } + + value, err := json.Marshal(savedSess) + if err != nil || value == nil { + // Technically, err can never be non-nil and value can never be nil. + // This is because, at this point; we know for sure that savedSess is a non zero-length map[string]string + return } + cookie.SetEncrypted( + r, + w, + CookieName, + string(value), + domain, + mAge, + secretKey, + ) }