Open jackielii opened 3 months ago
In general, all HTTP headers must be set and finalized before any content is written. This means you basically have to buffer the output if you intent to modify the session while producing output (very common when popping flash messages). This has bitten me quite a few times.
In general, all HTTP headers must be set and finalized before any content is written. This means you basically have to buffer the output if you intent to modify the session while producing output (very common when popping flash messages). This has bitten me quite a few times.
Yes, I spend one afternoon tracking down the problem. My call stack was too deep, I didn't even suspect session manager at first.
I think even if it's decided that this is expected, I prefer to have a error or even panic for this so that I know what not to do.
In addition, my initial issue was the message not removed after Pop call. So I'm fine with the set-cookie header not present, but the values have to be removed from store.
This is caused by https://github.com/alexedwards/scs/blob/7e11d57e8885fd38c604d4f79f0eef355650b997/session.go#L158-L160
As demostrated in #216 https://github.com/alexedwards/scs/blob/8650757c94bcb44a97f0f206d0ca880cb126867c/session_test.go#L351-L391
If
Pop
happens after aw.Write
,sw.written
would betrue
. Therefore the commit would never happenThe second
/get
should have empty response, but it gotbar
instead: