Closed d2ro closed 1 year ago
I don't think we should change the behavior of GobCodec
, I think it's important for it to always return an error if one is encountered.
If you want to ignore the error in specific scenarios, then I believe the right way to do this is to implement your own custom GobCodec
type, just like you have with TryGobCodec
. Although I'd suggest that you check for a specific expected error and choose to ignore it, rather than just ignoring all errors completely.
Thank you very much for your reply. I absolutely agree with you that an error should always be returned if one is encountered.
I still see the risk that a developer might unwittingly modify the gob serialization format of a custom data type which is stored in a session. That would result in visitors getting internal server errors if their session still holds data in the old serialization format.
A custom ErrorFunc
which clears the session (if the error is a gob error) is probably a better solution for this.
A custom ErrorFunc which clears the session (if the error is a gob error) is probably a better solution for this.
Good idea, I think that could be a nice approach to this.
If a custom type is stored in a session, and that custom type is modified, then
GobCodec.Decode
fails if a session contains the old type.LoadAndSave
returns an "Internal Server Error" and the http handler is not even called.A clean way to prevent this would be to never change a type used in a session, and version custom types (
CustomTypeV1
,CustomTypeV2
etc) instead.But either way, getting empty session data might always better than just getting an internal server error, which lasts until the user deletes their cookies or the session expires. Thus I'm using a custom GobCodec which just drops the error:
What is your opinion on this? I could submit a pull request to add
TryGobCodec
. Or would it be useful to change the behavior ofGobCodec
?