Golang Cookie未删除

时间:2018-08-08 19:17:29

标签: go

在尝试测试以下代码时:

//SetSingleSignOn Sets the cookie to allow for single sign cross applications.
func SetSingleSignOn(w http.ResponseWriter, token string) {
    http.SetCookie(w, &http.Cookie{
        Name:     ssoCookie,
        Value:    token,
        Path:     "/",
        HttpOnly: false,
        Secure:   false,
        Domain:   "localhost",
        Expires:  time.Now().AddDate(0, 0, 7),
        MaxAge:   0,
    })
}

//DestroySingleSignOn Gets rid of single sign on, in case a user logs out of the application.
func DestroySingleSignOn(r *http.Request, w http.ResponseWriter) {
    cookie, err := r.Cookie(ssoCookie)
    if err != nil || cookie.Value == "" {
        return
    }

    cookie = &http.Cookie{
        Name:     ssoCookie,
        Path:     "/",
        HttpOnly: false,
        Secure:   false,
        Domain:   "localhost",
        Expires:  time.Now(),
        MaxAge:   -1}

    http.SetCookie(w, cookie)
}

我遇到了明显的错误失败。

我对SetSingleSignOn的所有测试均通过,但是对DestroySingleSignOn的健全性测试失败。

测试

看起来像这样:

t.Run("SignedOnFirst", func(t *testing.T) {

    req := httptest.NewRequest("POST",
        "localhost:42100",
        nil)
    w := httptest.NewRecorder()

    SetSingleSignOn(w, "12446rewa12314")

    // assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
    DestroySingleSignOn(req, w)

    // get the cookie
    res := w.Result()
    fmt.Println(res.Cookies())

    assert.Equal(t, 1, len(res.Cookies()))
    cookie := *res.Cookies()[0]
    // cookie should be named ssoCookie
    assert.Equal(t,
        ssoCookie,
        cookie.Name)

    // cookie should have already expired
    assert.True(t,
        time.Now().After(cookie.Expires))

})

就好像根本没有调用http.SetCookie(w, cookie)一样!更奇怪的是,当我取消对函数的直接调用

http.SetCookie(w, &http.Cookie{
    Name:     ssoCookie,
    Path:     "/",
    HttpOnly: false,
    Secure:   false,
    Domain:   "localhost",
    Expires:  time.Now(),
    MaxAge:   -1}

它似乎可以工作(最后一个cookie处于非活动状态),但是现在res.Cookies()中有两个 cookie!

可能是什么原因造成的?

1 个答案:

答案 0 :(得分:3)

DestorySingleSignOn函数中,您将从以下代码段开始:

cookie, err := r.Cookie(ssoCookie)
if err != nil || cookie.Value == "" {
    return
}

注意,您正在检查请求上的cookie,但是该cookie仅在响应上设置。您将需要发出请求以获取初始cookie集,然后使用该cookie发出第二个请求才能使该cookie工作。

t.Run("SignedOnFirst", func(t *testing.T) {

    req := httptest.NewRequest("POST",
        "localhost:42100",
        nil)
    w := httptest.NewRecorder()

    SetSingleSignOn(w, "12446rewa12314")

    // get the initial cookie
    res := w.Result()
    cookie := res.Cookies()[0]

    // issue a second request with the cookie
    req = httptest.NewRequest("POST",
        "localhost:42100",
        nil)
    req.AddCookie(cookie)
    w = httptest.NewRecorder()

    // assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
    DestroySingleSignOn(req, w)

    // get the new cookie
    res = w.Result()
    fmt.Println(res.Cookies())

    assert.Equal(t, 1, len(res.Cookies()))
    cookie = *res.Cookies()[0]
    // cookie should be named ssoCookie
    assert.Equal(t,
        ssoCookie,
        cookie.Name)

    // cookie should have already expired
    assert.True(t,
        time.Now().After(cookie.Expires))

})