Hi, first thanks for this package, it's really easy to use.
If I understand correctly, when using the filesystem store for the sessions, the session cookies the client gets only contain the IDs of the sessions (as it is not a CookieStore). The backend retrieves up on an http request the session from the filesystem and loads it into memory (or once in-memory and keeps it for subsequent requests).
Why isn't there a function to remove sessions from the filesystem store/in-memory?
My current scenario is following; When a user logs out, I want the session to be deleted:
However, right now as long as I never change the private key for signing cookies, the session will be valid forever.
I could work around this problem by having a flag on the session object indicating wether the session is still valid but that would leave me with manually having to remove the sessions from the filesystem store.
Is it possible to add a function like filesystemStore.RemoveSession(id string)
to let the store clean the session from the filesystem and in-memory loaded sessions?
Setting sess.MaxAge(-1)
and then calling sess.Save
will delete the session: https://github.com/gorilla/sessions/blob/master/store.go#L213-L223
Docs here: http://www.gorillatoolkit.org/pkg/sessions#FilesystemStore.Save
Save adds a single session to the response.
If the Options.MaxAge of the session is <= 0 then the session file will be deleted from the store path. With this process it enforces the properly session cookie handling so no need to trust in the cookie management in the web browser.
Hope that clarifies.
Closing - please re-open if you have any questions!
Wondering how to handle the case with obsolete session files, e.g. some session is authenticated in browser private mode and later, obviously, wouldn't come back to logout and give signal for session file removal, are there any recommended way to handle such a case?
Most helpful comment
Setting
sess.MaxAge(-1)
and then callingsess.Save
will delete the session: https://github.com/gorilla/sessions/blob/master/store.go#L213-L223Docs here: http://www.gorillatoolkit.org/pkg/sessions#FilesystemStore.Save
Hope that clarifies.