From a6c53ae740f5df803efd8b5b40b61fee156895c8 Mon Sep 17 00:00:00 2001
From: Jeremy Yen
Date: Thu, 23 Nov 2023 03:54:29 +0800
Subject: [PATCH] url encode session cookie
---
 internal/session_cookie.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/internal/session_cookie.go b/internal/session_cookie.go
index bf9fbf7..a483cfa 100644
--- a/internal/session_cookie.go
+++ b/internal/session_cookie.go
@@ -17,6 +17,7 @@ import (
 "fmt"
 "log"
 "math/rand"
+ "net/url"
 "strconv"
 "strings"
 "time"
@@ -119,14 +120,15 @@ func sessionCookieEndPoint(c *gin.Context, config *Config) error {
 */
 clientIp := c.Request.Header.Get("X-Client-IP")
 dsc, err := c.Cookie(SessionCookieName)
+ urlDecodedDsc, _ := url.QueryUnescape(dsc)
 if err == nil {
 // cookie exists, validate it
- validateErr := validateSessionCookie(dsc, config.SessionCookieHmacSecret, time.Now(), clientIp)
+ validateErr := validateSessionCookie(urlDecodedDsc, config.SessionCookieHmacSecret, time.Now(), clientIp)
 if validateErr == nil || config.SessionCookieNotVerify {
 // cookie is valid, do not attach cookie but only report dsc_new=false
 // fmt.Printf("DSC: [%s] cookie %s is valid, report dsc_new=false\n", clientIp, dsc)
- attachSessionCookie(c, config, dsc, false)
+ attachSessionCookie(c, config, urlDecodedDsc, false)
 } else {
 // cookie is invalid, create a new one
 newDsc := newSessionCookie(config.SessionCookieHmacSecret, config.SessionCookieTtlSeconds, clientIp)
@@ -145,7 +147,8 @@ func sessionCookieEndPoint(c *gin.Context, config *Config) error {
 func attachSessionCookie(c *gin.Context, config *Config, dsc string, dsc_new bool) {
 if dsc_new {
- c.SetCookie(SessionCookieName, dsc, config.SessionCookieTtlSeconds, "/", "", false, true)
+ urlEncodedDsc := url.QueryEscape(dsc)
+ c.SetCookie(SessionCookieName, urlEncodedDsc, config.SessionCookieTtlSeconds, "/", "", false, true)
 }
 // for nginx log
 c.Header("X-Deflect-Session", dsc)
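Review bot: The error from `url.QueryUnescape(dsc)` in `sessionCookieEndPoint` is discarded, and the call runs before the `err == nil` check on `c.Cookie`. On a malformed percent-escape `QueryUnescape` returns an empty string, so with `config.SessionCookieNotVerify` set an empty `urlDecodedDsc` is passed to `attachSessionCookie` and written to the `X-Deflect-Session` header. I would move the decode inside the `if err == nil` branch, keep the error (`urlDecodedDsc, decodeErr := url.QueryUnescape(dsc)`), and treat `decodeErr != nil` like a failed validation so a fresh cookie is issued. Separately, gin's `c.Cookie` and `c.SetCookie` already unescape and escape the value in the releases I know of, so this decode and the `url.QueryEscape` added in `attachSessionCookie` (last hunk) may each be a second pass that rewrites a literal `+` or `%xx` before the HMAC check; worth confirming against the pinned gin version. The function body starts and ends outside the hunk.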
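Review bot: The rewritten `c.SetCookie` call in `attachSessionCookie` still passes `false` for the secure argument, so the session cookie (built with `SessionCookieHmacSecret`) is also sent by browsers over plain HTTP. If the protected sites are served over TLS, `c.SetCookie(SessionCookieName, urlEncodedDsc, config.SessionCookieTtlSeconds, "/", "", true, true)`, or a config-driven value for deployments that still serve HTTP, keeps it off cleartext connections. No SameSite attribute is set in the visible lines either; a `c.SetSameSite(...)` call before `SetCookie` would cover that, unless it is already done elsewhere. The body of `attachSessionCookie` continues past the end of the hunk.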