Session doesn't cleanup

gorilla / sessions

Package gorilla/sessions provides cookie and filesystem sessions and infrastructure for custom session backends.

https://gorilla.github.io

BSD 3-Clause "New" or "Revised" License

2.89k stars 370 forks source link

Session doesn't cleanup #241

Closed yosa12978 closed 3 years ago

yosa12978 commented 3 years ago

Here is my logout function

func (ah *AuthHandler) LogoutUser(w http.ResponseWriter, r *http.Request) {
    s, err := midware.Store.Get(r, "user_store")
    if err != nil {
        w.Write([]byte(err.Error()))
        return
    }
    delete(s.Values, "username")
    delete(s.Values, "role")
    delete(s.Values, "authenticated")
    err = s.Save(r, w)
    if err != nil {
        w.Write([]byte(err.Error()))
        return
    }
    http.Redirect(w, r, "/auth/login", 301)
}

when i try to call it for eg 2 times, session doesn't cleanup

elithrar commented 3 years ago

What are you expecting to happen? Deleting the values does not delete the cookie.

yosa12978 commented 3 years ago

Values doesn't delete

yosa12978 commented 3 years ago

The problem was happening because browser cached handler results. I solved this problem with disabling client caching

responseWriter.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") // HTTP 1.1. 
responseWriter.Header().Set("Pragma", "no-cache") // HTTP 1.0. 
responseWriter.Header().Set("Expires", "0") // Proxies.