all: properly implement regenerate session ID

.golangci.yml

@@ -4,18 +4,16 @@ linters-settings:
 
 linters:
   enable:
-    - deadcode
     - errcheck
     - gosimple
     - govet
     - ineffassign
     - staticcheck
-    - structcheck
     - typecheck
     - unused
-    - varcheck
     - nakedret
     - gofmt
     - rowserrcheck
     - unconvert
     - goimports
+    - unused

file.go

@@ -22,18 +22,21 @@ type fileStore struct {
 	nowFunc  func() time.Time // The function to return the current time
 	lifetime time.Duration    // The duration to have no access to a session before being recycled
 	rootDir  string           // The root directory of file session items stored on the local file system
-	encoder  Encoder          // The encoder to encode the session data before saving
-	decoder  Decoder          // The decoder to decode binary to session data after reading
+
+	encoder  Encoder
+	decoder  Decoder
+	idWriter IDWriter
 }
 
 // newFileStore returns a new file session store based on given configuration.
-func newFileStore(cfg FileConfig) *fileStore {
+func newFileStore(cfg FileConfig, idWriter IDWriter) *fileStore {
 	return &fileStore{
 		nowFunc:  cfg.nowFunc,
 		lifetime: cfg.Lifetime,
 		rootDir:  cfg.RootDir,
 		encoder:  cfg.Encoder,
 		decoder:  cfg.Decoder,
+		idWriter: idWriter,
 	}
 }
 
@@ -70,7 +73,7 @@ func (s *fileStore) Read(_ context.Context, sid string) (Session, error) {
 			return nil, errors.Wrap(err, "create parent directory")
 		}
 
-		return NewBaseSession(sid, s.encoder), nil
+		return NewBaseSession(sid, s.encoder, s.idWriter), nil
 	}
 
 	// Discard existing data if it's expired
@@ -79,7 +82,7 @@ func (s *fileStore) Read(_ context.Context, sid string) (Session, error) {
 		return nil, errors.Wrap(err, "stat file")
 	}
 	if !fi.ModTime().Add(s.lifetime).After(s.nowFunc()) {
-		return NewBaseSession(sid, s.encoder), nil
+		return NewBaseSession(sid, s.encoder, s.idWriter), nil
 	}
 
 	binary, err := os.ReadFile(filename)
@@ -91,7 +94,7 @@ func (s *fileStore) Read(_ context.Context, sid string) (Session, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "decode")
 	}
-	return NewBaseSessionWithData(sid, s.encoder, data), nil
+	return NewBaseSessionWithData(sid, s.encoder, s.idWriter, data), nil
 }
 
 func (s *fileStore) Destroy(_ context.Context, sid string) error {
@@ -169,7 +172,7 @@ func (s *fileStore) GC(ctx context.Context) error {
 
 // FileConfig contains options for the file session store.
 type FileConfig struct {
-	// For tests only
+	// For tests only.
 	nowFunc func() time.Time
 
 	// Lifetime is the duration to have no access to a session before being
@@ -188,12 +191,18 @@ type FileConfig struct {
 func FileIniter() Initer {
 	return func(ctx context.Context, args ...interface{}) (Store, error) {
 		var cfg *FileConfig
+		var idWriter IDWriter
 		for i := range args {
 			switch v := args[i].(type) {
 			case FileConfig:
 				cfg = &v
+			case IDWriter:
+				idWriter = v
 			}
 		}
+		if idWriter == nil {
+			return nil, errors.New("IDWriter not given")
+		}
 
 		if cfg == nil {
 			return nil, fmt.Errorf("config object with the type '%T' not found", FileConfig{})
@@ -214,6 +223,6 @@ func FileIniter() Initer {
 			cfg.Decoder = GobDecoder
 		}
 
-		return newFileStore(*cfg), nil
+		return newFileStore(*cfg, idWriter), nil
 	}
 }

file_test.go

@@ -91,6 +91,7 @@ func TestFileStore_GC(t *testing.T) {
 			RootDir:  filepath.Join(os.TempDir(), "sessions"),
 			Lifetime: time.Second,
 		},
+		IDWriter(func(http.ResponseWriter, *http.Request, string) {}),
 	)
 	require.Nil(t, err)
 
@@ -137,6 +138,7 @@ func TestFileStore_Touch(t *testing.T) {
 			RootDir:  filepath.Join(os.TempDir(), "sessions"),
 			Lifetime: time.Second,
 		},
+		IDWriter(func(http.ResponseWriter, *http.Request, string) {}),
 	)
 	require.Nil(t, err)
 

manager_test.go

@@ -26,7 +26,7 @@ func TestIsValidSessionID(t *testing.T) {
 }
 
 func TestManager_startGC(t *testing.T) {
-	m := newManager(newMemoryStore(MemoryConfig{}))
+	m := newManager(newMemoryStore(MemoryConfig{}, nil))
 	stop := m.startGC(
 		context.Background(),
 		time.Minute,

memory.go

@@ -9,6 +9,8 @@ import (
 	"context"
 	"sync"
 	"time"
+
+	"github.com/pkg/errors"
 )
 
 var _ Session = (*memorySession)(nil)
@@ -24,9 +26,9 @@ type memorySession struct {
 }
 
 // newMemorySession returns a new memory session with given session ID.
-func newMemorySession(sid string) *memorySession {
+func newMemorySession(sid string, idWriter IDWriter) *memorySession {
 	return &memorySession{
-		BaseSession: NewBaseSession(sid, nil),
+		BaseSession: NewBaseSession(sid, nil, idWriter),
 	}
 }
 
@@ -52,15 +54,18 @@ type memoryStore struct {
 	lock  sync.RWMutex              // The mutex to guard accesses to the heap and index
 	heap  []*memorySession          // The heap to be managed by operations of heap.Interface
 	index map[string]*memorySession // The index to be managed by operations of heap.Interface
+
+	idWriter IDWriter
 }
 
 // newMemoryStore returns a new memory session store based on given
 // configuration.
-func newMemoryStore(cfg MemoryConfig) *memoryStore {
+func newMemoryStore(cfg MemoryConfig, idWriter IDWriter) *memoryStore {
 	return &memoryStore{
 		nowFunc:  cfg.nowFunc,
 		lifetime: cfg.Lifetime,
 		index:    make(map[string]*memorySession),
+		idWriter: idWriter,
 	}
 }
 
@@ -136,7 +141,7 @@ func (s *memoryStore) Read(_ context.Context, sid string) (Session, error) {
 		return sess, nil
 	}
 
-	sess = newMemorySession(sid)
+	sess = newMemorySession(sid, s.idWriter)
 	sess.SetLastAccessedAt(s.nowFunc())
 	heap.Push(s, sess)
 	return sess, nil
@@ -219,12 +224,18 @@ type MemoryConfig struct {
 func MemoryIniter() Initer {
 	return func(_ context.Context, args ...interface{}) (Store, error) {
 		var cfg *MemoryConfig
+		var idWriter IDWriter
 		for i := range args {
 			switch v := args[i].(type) {
 			case MemoryConfig:
 				cfg = &v
+			case IDWriter:
+				idWriter = v
 			}
 		}
+		if idWriter == nil {
+			return nil, errors.New("IDWriter not given")
+		}
 
 		if cfg == nil {
 			cfg = &MemoryConfig{}
@@ -237,6 +248,6 @@ func MemoryIniter() Initer {
 			cfg.Lifetime = 3600 * time.Second
 		}
 
-		return newMemoryStore(*cfg), nil
+		return newMemoryStore(*cfg, idWriter), nil
 	}
 }

memory_test.go

@@ -80,6 +80,7 @@ func TestMemoryStore_GC(t *testing.T) {
 			nowFunc:  func() time.Time { return now },
 			Lifetime: time.Second,
 		},
+		nil,
 	)
 
 	sess1, err := store.Read(ctx, "1")
@@ -125,6 +126,7 @@ func TestMemoryStore_Touch(t *testing.T) {
 			nowFunc:  func() time.Time { return now },
 			Lifetime: time.Second,
 		},
+		nil,
 	)
 
 	sess, err := store.Read(ctx, "1")

mongo/mongo.go

@@ -26,19 +26,22 @@ type mongoStore struct {
 	lifetime   time.Duration    // The duration to have access to a session before being recycled
 	db         *mongo.Database  // The database connection
 	collection string           // The database collection for storing session data
-	encoder    session.Encoder  // The encoder to encode the session data before saving
-	decoder    session.Decoder  // The decoder to decode binary to session data after reading
+
+	encoder  session.Encoder
+	decoder  session.Decoder
+	idWriter session.IDWriter
 }
 
 // newMongoStore returns a new MongoDB session store based on given configuration.
-func newMongoStore(cfg Config) *mongoStore {
+func newMongoStore(cfg Config, idWriter session.IDWriter) *mongoStore {
 	return &mongoStore{
 		nowFunc:    cfg.nowFunc,
 		lifetime:   cfg.Lifetime,
 		db:         cfg.db,
 		collection: cfg.Collection,
 		encoder:    cfg.Encoder,
 		decoder:    cfg.Decoder,
+		idWriter:   idWriter,
 	}
 }
 
@@ -63,19 +66,19 @@ func (s *mongoStore) Read(ctx context.Context, sid string) (session.Session, err
 
 		// Discard existing data if it's expired
 		if !s.nowFunc().Before(expiredAt.Time().Add(s.lifetime)) {
-			return session.NewBaseSession(sid, s.encoder), nil
+			return session.NewBaseSession(sid, s.encoder, s.idWriter), nil
 		}
 
 		data, err := s.decoder(binary.Data)
 		if err != nil {
 			return nil, errors.Wrap(err, "decode")
 		}
-		return session.NewBaseSessionWithData(sid, s.encoder, data), nil
+		return session.NewBaseSessionWithData(sid, s.encoder, s.idWriter, data), nil
 	} else if err != mongo.ErrNoDocuments {
 		return nil, errors.Wrap(err, "find")
 	}
 
-	return session.NewBaseSession(sid, s.encoder), nil
+	return session.NewBaseSession(sid, s.encoder, s.idWriter), nil
 }
 
 func (s *mongoStore) Destroy(ctx context.Context, sid string) error {
@@ -157,12 +160,18 @@ type Config struct {
 func Initer() session.Initer {
 	return func(ctx context.Context, args ...interface{}) (session.Store, error) {
 		var cfg *Config
+		var idWriter session.IDWriter
 		for i := range args {
 			switch v := args[i].(type) {
 			case Config:
 				cfg = &v
+			case session.IDWriter:
+				idWriter = v
 			}
 		}
+		if idWriter == nil {
+			return nil, errors.New("IDWriter not given")
+		}
 
 		if cfg == nil {
 			return nil, fmt.Errorf("config object with the type '%T' not found", Config{})
@@ -194,6 +203,6 @@ func Initer() session.Initer {
 			cfg.Decoder = session.GobDecoder
 		}
 
-		return newMongoStore(*cfg), nil
+		return newMongoStore(*cfg, idWriter), nil
 	}
 }

mongo/mongo_test.go

@@ -192,6 +192,7 @@ func TestMongoStore_Touch(t *testing.T) {
 			db:       db,
 			Lifetime: time.Second,
 		},
+		session.IDWriter(func(http.ResponseWriter, *http.Request, string) {}),
 	)
 	require.Nil(t, err)
 

mysql/mysql.go

@@ -24,19 +24,22 @@ type mysqlStore struct {
 	lifetime time.Duration    // The duration to have no access to a session before being recycled
 	db       *sql.DB          // The database connection
 	table    string           // The database table for storing session data
-	encoder  session.Encoder  // The encoder to encode the session data before saving
-	decoder  session.Decoder  // The decoder to decode binary to session data after reading
+
+	encoder  session.Encoder
+	decoder  session.Decoder
+	idWriter session.IDWriter
 }
 
 // newMySQLStore returns a new MySQL session store based on given configuration.
-func newMySQLStore(cfg Config) *mysqlStore {
+func newMySQLStore(cfg Config, idWriter session.IDWriter) *mysqlStore {
 	return &mysqlStore{
 		nowFunc:  cfg.nowFunc,
 		lifetime: cfg.Lifetime,
 		db:       cfg.db,
 		table:    cfg.Table,
 		encoder:  cfg.Encoder,
 		decoder:  cfg.Decoder,
+		idWriter: idWriter,
 	}
 }
 
@@ -67,19 +70,19 @@ func (s *mysqlStore) Read(ctx context.Context, sid string) (session.Session, err
 	if err == nil {
 		// Discard existing data if it's expired
 		if !s.nowFunc().Before(expiredAt.Add(s.lifetime)) {
-			return session.NewBaseSession(sid, s.encoder), nil
+			return session.NewBaseSession(sid, s.encoder, s.idWriter), nil
 		}
 
 		data, err := s.decoder(binary)
 		if err != nil {
 			return nil, errors.Wrap(err, "decode")
 		}
-		return session.NewBaseSessionWithData(sid, s.encoder, data), nil
+		return session.NewBaseSessionWithData(sid, s.encoder, s.idWriter, data), nil
 	} else if err != sql.ErrNoRows {
 		return nil, errors.Wrap(err, "select")
 	}
 
-	return session.NewBaseSession(sid, s.encoder), nil
+	return session.NewBaseSession(sid, s.encoder, s.idWriter), nil
 }
 
 func (s *mysqlStore) Destroy(ctx context.Context, sid string) error {
@@ -158,12 +161,18 @@ type Config struct {
 func Initer() session.Initer {
 	return func(ctx context.Context, args ...interface{}) (session.Store, error) {
 		var cfg *Config
+		var idWriter session.IDWriter
 		for i := range args {
 			switch v := args[i].(type) {
 			case Config:
 				cfg = &v
+			case session.IDWriter:
+				idWriter = v
 			}
 		}
+		if idWriter == nil {
+			return nil, errors.New("IDWriter not given")
+		}
 
 		if cfg == nil {
 			return nil, fmt.Errorf("config object with the type '%T' not found", Config{})
@@ -212,6 +221,6 @@ CREATE TABLE IF NOT EXISTS sessions (
 			cfg.Decoder = session.GobDecoder
 		}
 
-		return newMySQLStore(*cfg), nil
+		return newMySQLStore(*cfg, idWriter), nil
 	}
 }