I have set up a Go REST API.
And on login I do this:
```go
session, _ := store.New(r, sessionId)
session.Options.MaxAge = 12 * 3600
err := session.Save(r, w)
//treat error
```
And for checking the session I have something like this:
```go
session, err := store.Get(r, sessionId)
//treat error
if session.IsNew {
    http.Error(w, "Unauthorized session.", http.StatusUnauthorized)
    return
}
```
If I do the requests from Postman it works fine, but when I do them from my client I get 401. Has any of you experienced something like this?
The store is a CookieStore.
I already checked the IDs, I replaced the sessionId variable with a static string.
Gorilla session uses gorilla context to register a new request, and when I do the request from Postman, `context.data[r]` is not null, but from the client it is always null -> always a new session.
https://github.com/gorilla/context/blob/master/context.go - line 33
it is called in
https://github.com/gorilla/sessions/blob/master/sessions.go - line 122
which is used in the CookieStore.Get function in
https://github.com/gorilla/sessions/blob/master/store.go - line 77
EDIT 1: For the client I use Polymer and I tried xmlhttp too.
Polymer:
```html
<iron-ajax
    id="ajaxRequest"
    auto
    url="{{requestUrl}}"
    headers="{{requestHeaders}}"
    handle-as="json"
    on-response="onResponse"
    on-error="onError"
    content-type="application/json"
>
</iron-ajax>
```
and the handlers
```javascript
onResponse: function(response){
    console.log(response.detail.response);
    this.items = response.detail.response
},
onError: function(error){
    console.log(error.detail)
},
ready: function(){
    this.requestUrl = "http://localhost:8080/api/fingerprint/company/" + getCookie("companyId");
    this.requestHeaders = {"Set-cookie": getCookie("api_token")}
}
```
and the cookie successfully reaches the backend.
And xmlhttp:
```javascript
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
    if (xmlhttp.readyState == XMLHttpRequest.DONE ) {
        if(xmlhttp.status == 200){
            //do stuff
        }else if(xmlhttp.status == 401){
            page.redirect("/unauthorized")
        }else{
            page.redirect("/error")
        }
    }
}
xmlhttp.open("GET","http://localhost:8080/api/fingerprint/company/" + getCookie("companyId"),true);
xmlhttp.setRequestHeader("Set-cookie", getCookie("api_token"));
xmlhttp.send();
```
EDIT 2:
So I tried debugging with Fiddler (thanks for the suggestion) and I found out that the request from Postman has a bold entry Cookies / Login and the request from the client does not.
Any idea how to get/set that value?
It is somehow automatically set in Postman.
In the authentication request I get a set-cookie header that has all the data that I need but I can't get it on the client.
I get `Refused to get unsafe header set-cookie`.
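A reproduction of the symptom described above, as an added example that is not part of the original post: a session check that reads `r.Cookie` only sees the `Cookie` request header, so a value sent in a `Set-Cookie` request header looks like a new session. It uses plain `net/http` instead of gorilla/sessions; the cookie name, value, paths and the `newAPI`/`probe` helpers are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const cookieName = "sid" // constructed; the post does not show its session name

// newAPI stands in for the post's login and session-check handlers (assumption).
func newAPI() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: cookieName, Value: "constructed-value",
			Path: "/", MaxAge: 12 * 3600, HttpOnly: true})
	})
	mux.HandleFunc("/api", func(w http.ResponseWriter, r *http.Request) {
		// r.Cookie parses the Cookie header; Set-Cookie on a request is ignored.
		if _, err := r.Cookie(cookieName); err != nil {
			http.Error(w, "Unauthorized session.", http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, "ok")
	})
	return mux
}

// probe logs in, then calls /api. With asCookie the login cookie is replayed in
// the Cookie header; otherwise it is copied into a Set-Cookie request header.
func probe(asCookie bool) int {
	api := newAPI()
	login := httptest.NewRecorder()
	api.ServeHTTP(login, httptest.NewRequest("GET", "/login", nil))
	res := login.Result()
	req := httptest.NewRequest("GET", "/api", nil)
	if asCookie {
		for _, c := range res.Cookies() {
			req.AddCookie(c)
		}
	} else {
		req.Header.Set("Set-Cookie", res.Header.Get("Set-Cookie"))
	}
	out := httptest.NewRecorder()
	api.ServeHTTP(out, req)
	return out.Code
}

func main() {
	fmt.Println("Cookie header:", probe(true), "Set-Cookie request header:", probe(false))
}
```

In a browser the cookie jar attaches the `Cookie` header itself and scripts cannot read `Set-Cookie` from a response. For a cross-origin XHR the cookie is only stored and sent when the request sets `withCredentials = true` and the server answers with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin`.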