From b29bd993d4e2f03b7ec6a61761fa7806458365b3 Mon Sep 17 00:00:00 2001
From: MHSanaei
Date: Mon, 16 Dec 2024 14:24:59 +0100
Subject: [PATCH] fix session twice set-cookie bug fixed
---
 web/controller/index.go | 28 +++++++++++++++++-----------
 web/session/session.go | 22 ++++++++++++----------
 2 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/web/controller/index.go b/web/controller/index.go
index c74b6fb1..9af4ed7f 100644
--- a/web/controller/index.go
+++ b/web/controller/index.go
@@ -9,6 +9,7 @@ import (
 "x-ui/web/service"
 "x-ui/web/session"

+ "github.com/gin-contrib/sessions"
 "github.com/gin-gonic/gin"
 )

@@ -49,8 +50,8 @@ func (a *IndexController) index(c *gin.Context) {

 func (a *IndexController) login(c *gin.Context) {
 var form LoginForm
- err := c.ShouldBind(&form)
- if err != nil {
+
+ if err := c.ShouldBind(&form); err != nil {
 pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.invalidFormData"))
 return
 }
@@ -68,29 +69,31 @@ func (a *IndexController) login(c *gin.Context) {
 safeUser := template.HTMLEscapeString(form.Username)
 safePass := template.HTMLEscapeString(form.Password)
 safeSecret := template.HTMLEscapeString(form.LoginSecret)
+
 if user == nil {
 logger.Warningf("wrong username: \"%s\", password: \"%s\", secret: \"%s\", IP: \"%s\"", safeUser, safePass, safeSecret, getRemoteIp(c))
 a.tgbot.UserLoginNotify(safeUser, safePass, getRemoteIp(c), timeStr, 0)
 pureJsonMsg(c, http.StatusOK, false, I18nWeb(c, "pages.login.toasts.wrongUsernameOrPassword"))
 return
- } else {
- logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
- a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
 }

+ logger.Infof("%s logged in successfully, Ip Address: %s\n", safeUser, getRemoteIp(c))
+ a.tgbot.UserLoginNotify(safeUser, ``, getRemoteIp(c), timeStr, 1)
+
 sessionMaxAge, err := a.settingService.GetSessionMaxAge()
 if err != nil {
 logger.Warning("Unable to get session's max age from DB")
 }

- err = session.SetMaxAge(c, sessionMaxAge*60)
- if err != nil {
- logger.Warning("Unable to set session's max age")
+ session.SetMaxAge(c, sessionMaxAge*60)
+ session.SetLoginUser(c, user)
+ if err := sessions.Default(c).Save(); err != nil {
+ logger.Warning("Unable to save session: ", err)
+ return
 }

- err = session.SetLoginUser(c, user)
- logger.Infof("%s logged in successfully", user.Username)
- jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), err)
+ logger.Infof("%s logged in successfully", safeUser)
+ jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), nil)
 }

 func (a *IndexController) logout(c *gin.Context) {
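Review bot: When `sessions.Default(c).Save()` fails, the added branch logs a warning and returns without writing any result to the client, while the `logged in successfully` log line and `UserLoginNotify(..., 1)` added a few lines earlier have already recorded the login as successful. Answer with a failure before `return`, as the removed call did with `jsonMsg(c, I18nWeb(c, "pages.login.toasts.successLogin"), err)`, and move the success log and notification to after the save. Separately, the unchanged failure branch still writes the submitted password and login secret to the log and to the Telegram notification; failed attempts are often near-misses of a real credential, so those two values are better left out of both. The body of login starts above this hunk.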
@@ -99,6 +102,9 @@ func (a *IndexController) logout(c *gin.Context) {
 logger.Infof("%s logged out successfully", user.Username)
 }
 session.ClearSession(c)
+ if err := sessions.Default(c).Save(); err != nil {
+ logger.Warning("Unable to save session after clearing:", err)
+ }
 c.Redirect(http.StatusTemporaryRedirect, c.GetString("base_path"))
 }

diff --git a/web/session/session.go b/web/session/session.go
index f5055efd..13aedad8 100644
--- a/web/session/session.go
+++ b/web/session/session.go
@@ -10,38 +10,41 @@ import (
 )

 const (
- loginUser = "LOGIN_USER"
- defaultPath = "/"
+ loginUserKey = "LOGIN_USER"
+ defaultPath = "/"
 )

 func init() {
 gob.Register(model.User{})
 }

-func SetLoginUser(c *gin.Context, user *model.User) error {
+func SetLoginUser(c *gin.Context, user *model.User) {
+ if user == nil {
+ return
+ }
 s := sessions.Default(c)
- s.Set(loginUser, user)
- return s.Save()
+ s.Set(loginUserKey, *user)
 }

-func SetMaxAge(c *gin.Context, maxAge int) error {
+func SetMaxAge(c *gin.Context, maxAge int) {
 s := sessions.Default(c)
 s.Options(sessions.Options{
 Path: defaultPath,
 MaxAge: maxAge,
 HttpOnly: true,
 })
- return s.Save()
 }

 func GetLoginUser(c *gin.Context) *model.User {
 s := sessions.Default(c)
- obj := s.Get(loginUser)
+ obj := s.Get(loginUserKey)
 if obj == nil {
 return nil
 }
 user, ok := obj.(model.User)
 if !ok {
+
+ s.Delete(loginUserKey)
 return nil
 }
 return &user
@@ -51,7 +54,7 @@ func IsLogin(c *gin.Context) bool {
 return GetLoginUser(c) != nil
 }

-func ClearSession(c *gin.Context) error {
+func ClearSession(c *gin.Context) {
 s := sessions.Default(c)
 s.Clear()
 s.Options(sessions.Options{
@@ -59,5 +62,4 @@ func ClearSession(c *gin.Context) error {
 MaxAge: -1,
 HttpOnly: true,
 })
- return s.Save()
 }
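Review bot: A failed `Save()` in the added block of logout is only logged and the handler still redirects, so the response that should clear the session cookie may never be issued while the user is sent on as if logged out. Treat it as a failed logout: in the error branch call `c.AbortWithStatus(http.StatusInternalServerError)` and `return` instead of falling through to the redirect. logout begins above this hunk.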
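Review bot: The added `s.Delete(loginUserKey)` in GetLoginUser has no lasting effect unless the caller saves the session, because this commit takes `Save()` out of the session helpers and nothing visible on this path calls it, so the value of the wrong type would be read again on the next request. Either drop the delete or state the requirement in a doc comment, and give SetLoginUser and SetMaxAge the same note, e.g. `// SetLoginUser stores user in the session; the caller must call sessions.Default(c).Save() to persist it.` SetLoginUser also returns silently for a nil user, which a caller cannot tell apart from success now that the error return is gone. The `sessions.Options` literal in SetMaxAge sets only Path, MaxAge and HttpOnly; adding `SameSite` (and `Secure` when the panel is served over TLS) would harden the session cookie. GetLoginUser's closing brace lies outside this hunk.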