read cookies only if enabled.

Miroslav Šedivý 2021-04-24 21:11:07 +02:00
parent 04d2fa8863
commit 4f1e3c879a


@ -55,6 +55,14 @@ func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session,
} }
func (manager *SessionManagerCtx) getToken(r *http.Request) (string, bool) { func (manager *SessionManagerCtx) getToken(r *http.Request) (string, bool) {
if manager.CookieEnabled() {
// get from Cookie
cookie, err := r.Cookie(manager.config.CookieName)
if err == nil {
return cookie.Value, true
}
}
// get from Header // get from Header
reqToken := r.Header.Get("Authorization") reqToken := r.Header.Get("Authorization")
splitToken := strings.Split(reqToken, "Bearer ") splitToken := strings.Split(reqToken, "Bearer ")
@ -62,12 +70,6 @@ func (manager *SessionManagerCtx) getToken(r *http.Request) (string, bool) {
return strings.TrimSpace(splitToken[1]), true return strings.TrimSpace(splitToken[1]), true
} }
// get from Cookie
cookie, err := r.Cookie(manager.config.CookieName)
if err == nil {
return cookie.Value, true
}
// get from URL // get from URL
token := r.URL.Query().Get("token") token := r.URL.Query().Get("token")
if token != "" { if token != "" {
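Review bot: In the cookie branch now at the top of getToken, `return cookie.Value, true` fires for any cookie carrying the configured name, including one with an empty value, whereas the URL branch below checks `token != ""` before returning. Because this branch now runs before the Authorization header and the `token` query parameter, such a cookie short-circuits both fallbacks, and a stale cookie would presumably make Authenticate reject a request that also carries a valid bearer token. Guard it the same way as the URL branch: `if err == nil && cookie.Value != "" {`. The move also changes precedence from header-first to cookie-first, which the commit title does not mention; a comment such as `// cookie takes precedence over the Authorization header when cookies are enabled` would record that this is intended. getToken's body continues past the end of the hunk.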