Ok where to start...
The problem is when I set the session's Path to "/" the session doesn't get saved.
And I set Path because when posting to a path that is not the path where the session gets saved, aka session.Save() is called the session value "user" is empty|nil|not set. So I set Path: "/", but the session isn't saved. When checking Chromium I see that the cookie is set. I don't know where the problem is. Is it in gorilla/sessions? Is it in AngularJS? HTML5 mode is off in angular.
So to rephrase, this happens because /api/1.0/community is a different path than /api/1.0/user where the sessions.Save(r,w) function is called and that's why I set Path: "/", . But when Path is "/" the session value "user" isn't saved.
main.go
var (
sessionStore *sessions.CookieStore
sessionAuthKey []byte = make([]byte, 64)
sessionCryptKey []byte = make([]byte, 32)
router *mux.Router = mux.NewRouter()
)
func init() {
// Generate Session Secret
sessionAuthKey = securecookie.GenerateRandomKey(64)
sessionCryptKey = securecookie.GenerateRandomKey(32)
// Create Session
sessionStore = sessions.NewCookieStore(sessionAuthKey, sessionCryptKey)
sessionStore.Options = &sessions.Options{
Domain: ".mango.dev",
Path: "/",
MaxAge: 0,
}
}
func main() {
api := router.PathPrefix("/api/1.0").Subrouter()
api.HandleFunc("/user/register", UserRegisterHandler).Methods("POST")
api.HandleFunc("/user/authenticate", UserAuthenticateHandler).Methods("POST")
api.HandleFunc("/user/endsession", UserLogoutHandler).Methods("POST")
api.HandleFunc("/user/profile", UserProfileHandler).Methods("GET")
api.HandleFunc("/user/profile", UserUpdateProfileHandler).Methods("POST")
api.HandleFunc("/user/reset_request", UserResetRequestHandler).Methods("POST")
api.HandleFunc("/user/reset_password", UserResetPasswordHandler).Methods("POST")
api.HandleFunc("/user/loginstatus", UserLoginStatusHandler).Methods("GET")
api.HandleFunc("/forums/directory", ForumsDirectoryHandler).Methods("GET")
api.HandleFunc("/community/list", CommunityListHandler).Methods("GET")
api.HandleFunc("/community/show", CommunityShowHandler).Methods("GET")
api.HandleFunc("/community/create", CommunityCreateHandler).Methods("POST")
api.HandleFunc("/community/edit", CommunityEditHandler).Methods("GET")
static := router.PathPrefix("/").Subrouter()
static.Methods("GET").Handler(http.FileServer(http.Dir("webapp/public")))
go func() {
if err := http.ListenAndServe(":8080", Log(router)); err != nil {
log.Fatal(err)
}
}()
if err := http.ListenAndServeTLS(":8443", "ssl/mango.dev.crt", "ssl/mango.dev.pem", Log(router)); err != nil {
log.Fatal(err)
}
}
handlers.go
func UserAuthenticateHandler(w http.ResponseWriter, r *http.Request) {
// ...
if valid {
tu.Name = user.UserProfile.Name
data["user"] = tu
data["redirect"] = "/user/profile"
user.Login(r.UserAgent(), r.RemoteAddr)
session, _ := sessionStore.Get(r, "p")
session.Values["user"] = user.Id.Hex()
if tc.Rememberme {
session.Options = &sessions.Options{
Domain: ".mango.dev",
Path: "/",
MaxAge: 86400 * 30 * 12,
}
}
session.Save(r, w)
}
The problem was dundundun I had old cookies stored from before the change that had the Path "/api/1.0/user" and apparently this caused a problem since, I imagine, the longer or deeper path has priority over the shorter, root path, which makes perfect sense in retrospect.