Better logout
opened this issue · comments
Deleted user commented
Hello Sau Sheong Chang,
Congratulations for the book, it's very useful.
The logout
function in the book always triggers the warning
and doesn't delete the browser cookie:
func logout(writer http.ResponseWriter, request *http.Request) {
cookie, err := request.Cookie("_cookie")
if err != http.ErrNoCookie {
warning(err, "Failed to get cookie")
session := data.Session{Uuid: cookie.Value}
session.DeleteByUUID()
}
http.Redirect(writer, request, "/", 302)
}
A possible solution could be:
func logout(writer http.ResponseWriter, request *http.Request) {
cookie, err := request.Cookie("_cookie")
if err != http.ErrNoCookie {
session := data.Session{Uuid: cookie.Value}
session.DeleteByUUID()
cookie.MaxAge = -1
cookie.Expires = time.Unix(1, 0)
http.SetCookie(writer, cookie)
} else {
warning(err, "Failed to get cookie")
}
http.Redirect(writer, request, "/", 302)
}