From 10f4e822c3908193b5eb3a4cd589e7bbade56c79 Mon Sep 17 00:00:00 2001
From: astaxie
Date: Wed, 7 Aug 2013 11:22:23 +0800
Subject: [PATCH] add XSRFExpire
---
 beego.go | 2 ++
 config.go | 3 +++
 controller.go | 9 ++++++++-
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/beego.go b/beego.go
index d4b1cacf..f6bf521c 100644
--- a/beego.go
+++ b/beego.go
@@ -46,6 +46,7 @@ var (
 ErrorsShow bool //set weather show errors
 XSRFKEY string //set XSRF
 EnableXSRF bool
+ XSRFExpire int
 CopyRequestBody bool //When in raw application, You want to the reqeustbody
 )
@@ -76,6 +77,7 @@ func init() {
 HttpServerTimeOut = 0
 ErrorsShow = true
 XSRFKEY = "beegoxsrf"
+ XSRFExpire = 60
 ParseConfig()
 }
diff --git a/config.go b/config.go
index bc6a6b2d..91195cea 100644
--- a/config.go
+++ b/config.go
@@ -195,6 +195,9 @@ func ParseConfig() (err error) {
 if enablexsrf, err := AppConfig.Bool("enablexsrf"); err == nil {
 EnableXSRF = enablexsrf
 }
+ if expire, err := AppConfig.Int("xsrfexpire"); err == nil {
+ XSRFExpire = expire
+ }
 }
 return nil
 }
diff --git a/controller.go b/controller.go
index 53a5497c..6983b71d 100644
--- a/controller.go
+++ b/controller.go
@@ -35,6 +35,7 @@ type Controller struct {
 _xsrf_token string
 gotofunc string
 CruSession session.SessionStore
+ XSRFExpire int
 }
 type ControllerInterface interface {
@@ -353,7 +354,13 @@ func (c *Controller) XsrfToken() string {
 fmt.Fprintf(h, "%s:%d", c.Ctx.Request.RemoteAddr, time.Now().UnixNano())
 tok := fmt.Sprintf("%s:%d", h.Sum(nil), time.Now().UnixNano())
 token = base64.URLEncoding.EncodeToString([]byte(tok))
- c.Ctx.SetCookie("_xsrf", token)
+ expire := 0
+ if c.XSRFExpire > 0 {
+ expire = c.XSRFExpire
+ } else {
+ expire = XSRFExpire
+ }
+ c.Ctx.SetCookie("_xsrf", token, expire)
 }
 c._xsrf_token = token
 }
--
GitLab
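Review bot: `XSRFExpire int` is added to the var block in beego.go without a comment, and neither this hunk nor the default `XSRFExpire = 60` set in init() says what unit the value is in or what zero or a negative value means. Because it ends up as the third argument of `SetCookie` in controller.go it is presumably the lifetime of the `_xsrf` cookie in seconds, but that should be written down, e.g. `XSRFExpire int // lifetime of the _xsrf cookie, in seconds (confirm unit against SetCookie); default 60`. The same comment is missing on the new `Controller.XSRFExpire` field in controller.go, which should also state that a value greater than zero overrides the package-level setting. If the unit is indeed seconds, a 60-second default means a form left open for more than a minute may lose its cookie before submission, so the default deserves a deliberate choice.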
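Review bot: The value returned by `AppConfig.Int("xsrfexpire")` is assigned to XSRFExpire without a range check, so a zero or negative entry in the config file replaces the default of 60. In XsrfToken the fallback branch `expire = XSRFExpire` then hands that value straight to SetCookie, whose treatment of non-positive lifetimes is not visible in this patch. I would accept only positive values, `if expire, err := AppConfig.Int("xsrfexpire"); err == nil && expire > 0 {`, and consider logging a malformed entry rather than silently keeping the default. ParseConfig starts outside the hunk.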
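Review bot: The `expire` passed to `c.Ctx.SetCookie("_xsrf", token, expire)` only limits how long the browser keeps the cookie; nothing visible in this hunk makes the server reject an old token, even though `tok` already embeds `time.Now().UnixNano()`. If the validation path (outside this hunk) only compares the cookie with the submitted value, XSRFExpire is not a server-side token lifetime, and that should either be stated in a comment such as `// expire bounds the cookie lifetime only; token age is not checked on validation` or be enforced by checking the embedded timestamp when the token is verified. As a style point, the if/else can be reduced to `expire := XSRFExpire` followed by `if c.XSRFExpire > 0 { expire = c.XSRFExpire }`. XsrfToken starts outside the hunk.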