securecookie icon indicating copy to clipboard operation
securecookie copied to clipboard
verified publisher icon andreadipersio

Adds maxAgeDays parameter to functions that decode cookies

Open ygormutti opened this issue 8 years ago • 3 comments

Our cookies are valid for more days than the hardcoded value of 31 days. I think the maxAgeDays parameter should be part of their interface, or else these methods should not validate the age of the cookie.

Please, let me know if you are concerned with breaking changes and would rather create alternative methods.

ygormutti avatar Mar 28 '17 12:03 ygormutti

Thanks for contributing! You are right this is a feature which can come handy for many other users.

One solution we can evaluate for not breaking changes is to create a package level variable and a method to change it.

In securecookies.go:

var maxAge = time.Duration((24 * 31) * time.Hour)

func WithMaxAge(d time.Duration) {
    maxAge = d
}

func cookieIsFromFuture(cookieTime time.Time, maxAgeDays int) bool {
    return cookieTime.After(time.Now().Add(maxAge)
}

securecookies.WithMaxAge(15 * time.Minutes)

andreadipersio avatar Mar 29 '17 14:03 andreadipersio

I've also considered this, but there is an obvious trade-off: the package would stop being thread-safe. This will end up forcing all the cookies to have the same max age. At least it would be configurable.

ygormutti avatar Mar 30 '17 15:03 ygormutti

I think it can be a fair trade off. Do you need to change the max age of the cookies often? If so, since anyway I am not using this package often we can merge your changes.

Otherwise, if you tend to use the same max age throughout your software, I'll suggest to implement the package level variable.

andreadipersio avatar Apr 07 '17 19:04 andreadipersio