gui: fix session persistence bug.

This fixes a bug with session management where a the session middleware does not persis avnewly generated session.
decred · May 25, 2020 · 9050ba4 · 9050ba4
1 parent 64ec712
commit 9050ba4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/gui/index.go b/gui/index.go
@@ -28,7 +28,6 @@ type indexPageData struct {
 // message. The error message will only be displayed if the browser has
 // Javascript enabled.
 func (ui *GUI) renderIndex(w http.ResponseWriter, r *http.Request, modalError string) {
-
 	// Get the 10 most recent confirmed mined blocks.
 	_, confirmedWork, _ := ui.cache.getConfirmedMinedWork(0, 9)
 

diff --git a/gui/middleware.go b/gui/middleware.go
@@ -31,7 +31,15 @@ func (ui *GUI) sessionMiddleware(next http.Handler) http.Handler {
 			// common during development (eg. when using the test harness) but
 			// it should not occur in production.
 			if strings.Contains(err.Error(), "securecookie: the value is not valid") {
-				log.Warnf("getSession error: CSRF secret has changed. Generating new session.")
+				log.Warn("getSession error: CSRF secret has changed. Generating new session.")
+
+				// Persist the generated session.
+				err = ui.cookieStore.Save(r, w, session)
+				if err != nil {
+					log.Errorf("saveSession error: %v", err)
+					http.Error(w, "Session error", http.StatusInternalServerError)
+					return
+				}
 			} else {
 				log.Errorf("getSession error: %v", err)
 				http.Error(w, "Session error", http.StatusInternalServerError)