import (
"net/http"
- "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/web/middleware"
-
"gitea.com/go-chi/session"
)
// RegenerateSession regenerates the underlying session and returns the new store
func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) {
- // Ensure that a cookie with a trailing slash does not take precedence over
- // the cookie written by the middleware.
- middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
-
+ for _, f := range BeforeRegenerateSession {
+ f(resp, req)
+ }
s, err := session.RegenerateSession(resp, req)
return s, err
}
+
+// BeforeRegenerateSession is a list of functions that are called before a session is regenerated.
+var BeforeRegenerateSession []func(http.ResponseWriter, *http.Request)
"net/url"
"strings"
+ "code.gitea.io/gitea/modules/session"
"code.gitea.io/gitea/modules/setting"
)
// Previous versions would use a cookie path with a trailing /.
// These are more specific than cookies without a trailing /, so
// we need to delete these if they exist.
- DeleteLegacySiteCookie(resp, name)
+ deleteLegacySiteCookie(resp, name)
}
-// DeleteLegacySiteCookie deletes the cookie with the given name at the cookie
+// deleteLegacySiteCookie deletes the cookie with the given name at the cookie
// path with a trailing /, which would unintentionally override the cookie.
-func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) {
+func deleteLegacySiteCookie(resp http.ResponseWriter, name string) {
if setting.SessionConfig.CookiePath == "" || strings.HasSuffix(setting.SessionConfig.CookiePath, "/") {
// If the cookie path ends with /, no legacy cookies will take
// precedence, so do nothing. The exception is that cookies with no
}
resp.Header().Add("Set-Cookie", cookie.String())
}
+
+func init() {
+ session.BeforeRegenerateSession = append(session.BeforeRegenerateSession, func(resp http.ResponseWriter, _ *http.Request) {
+ // Ensure that a cookie with a trailing slash does not take precedence over
+ // the cookie written by the middleware.
+ deleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
+ })
+}