Better logout
opened this issue · comments
Hello Sau Sheong Chang,
Congratulations for the book, it's very useful.
The logout function in the book always triggers the warning and doesn't delete the browser cookie:
func logout(writer http.ResponseWriter, request *http.Request) {
cookie, err := request.Cookie("_cookie")
if err != http.ErrNoCookie {
warning(err, "Failed to get cookie")
session := data.Session{Uuid: cookie.Value}
session.DeleteByUUID()
}
http.Redirect(writer, request, "/", 302)
}A possible solution could be:
func logout(writer http.ResponseWriter, request *http.Request) {
cookie, err := request.Cookie("_cookie")
if err != http.ErrNoCookie {
session := data.Session{Uuid: cookie.Value}
session.DeleteByUUID()
cookie.MaxAge = -1
cookie.Expires = time.Unix(1, 0)
http.SetCookie(writer, cookie)
} else {
warning(err, "Failed to get cookie")
}
http.Redirect(writer, request, "/", 302)
}