4

My following code 

package inqzincrm

import (
    "github.com/gorilla/pat"
    "github.com/gorilla/sessions"
    "net/http"
)

var store = sessions.NewCookieStore([]byte("X12h8v6BZC4QJl53KfNLshtr85gkC5OZ"), []byte("X12h8vasdf6BZC4QJl53KfNLshtr85gk"))

func init() {

    r := pat.New()
    r.Get("/", Home)

    http.Handle("/", r)
}

and in handler,

package inqzincrm

import (
    "appengine"
    "html/template"
    "net/http"
)

var aTmplt = template.Must(template.ParseFiles(
    "inqzincrm/templates/base.html",
    "inqzincrm/templates/index.html",
))

func Home(w http.ResponseWriter, r *http.Request) {
    c := appengine.NewContext(r)

    session, err := store.Get(r, "x")

    c.Infof("HOST: %s", r.Host)

    if session.IsNew {
        session.Options.Domain = r.Host
        session.Options.Path = "/"
        session.Options.MaxAge = 0
        session.Options.HttpOnly = false
        session.Options.Secure = false
    }

    if err != nil {
        c.Infof("Error getting session: %v", err)
    }
    c.Infof("Requested URL: %v", session.Values["foo"])
    session.Values["foo"] = "asdf"
    if err := aTmplt.ExecuteTemplate(w, "index.html", nil); err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }
    session.Save(r, w)
}

do not set any cookie on browser side. how ever result and err are nil indicating no problem with the functions.

How I should debug further ?

I am using Ubuntu 64 bit, Google App Engine, Go with Gorilla tool kit.

iamgopal
  • 8,806
  • 6
  • 38
  • 52
  • 1
    Remove `result :=` and just call `session.Save(w, r)` by itself. You will also need to set `Store.Options` — specifically the `Path` setting. – elithrar Jul 30 '13 at 12:23

2 Answers2

4

Have a look at my answer to a previous question here.

In short form:

import (
    "github.com/gorilla/sessions"
    "net/http"
)

// Authorization Key
var authKey = []byte("somesecret")

// Encryption Key
var encKey = []byte("someothersecret")

var store = sessions.NewCookieStore(authKey, encKey)

func initSession(r *http.Request) *sessions.Session {
    session, _ := store.Get(r, "my_cookie") // Don't ignore the error in real code
    if session.IsNew { //Set some cookie options
        session.Options.Domain = "example.org"
        session.Options.MaxAge = 0
        session.Options.HttpOnly = false
        session.Options.Secure = true
    }
    return session
}

Then, in your handlers:

func ViewPageHandler(w http.ResponseWriter, r *http.Request) {
    session := initSession(r)
    session.Values["page"] = "view"
    session.Save(r, w)
....

Your code seems to do the same thing, so without more of an example I can't see any problem with it. I can say that the example I've posted is (very slightly modified) from a working server.

Community
  • 1
  • 1
Intermernet
  • 18,604
  • 4
  • 49
  • 61
  • I have noticed your post while researching for the solution. That's why I asked about how I should debug it ? – iamgopal Jul 30 '13 at 12:20
  • 1
    I have a feeling it may be due to not setting the domain name in `session.Options.Domain`. Many browsers may have started being paranoid about this for security reasons. The spec says something like "If not specified, they default to the domain and path of the object that was requested" but that may not be enough for modern browsers. Just a guess though. – Intermernet Jul 30 '13 at 12:24
  • tried with session.Options = &sessions.Options{ Path: "/", Domain: "localhost:8080", } in handler. did not worked. – iamgopal Jul 30 '13 at 12:29
  • Maybe try just `Domain: "localhost"`. I'm not sure the port is included as part of the domain. – Intermernet Jul 30 '13 at 12:30
  • Try `Domain: "fluid-coupling-9.appspot.com"` – Intermernet Jul 30 '13 at 12:47
  • 1
    Sorry, I'm stumped, it looks like it should be working. If I think of anything else I'll keep you updated. – Intermernet Jul 30 '13 at 13:06
3

the code session.save() should come before template execution code. it has been mentioned no where. but that was the whole mistake.

iamgopal
  • 8,806
  • 6
  • 38
  • 52
  • 1
    Right. The cookie is written to the browser through the response, so if you've already sent the response when you update the cookie, the browser never sees it. – mzimmerman Aug 01 '13 at 11:14