Golang cookie 不删除

Question

在尝试测试以下代码:

//SetSingleSignOn Sets the cookie to allow for single sign cross applications.
func SetSingleSignOn(w http.ResponseWriter, token string) {
    http.SetCookie(w, &http.Cookie{
        Name:     ssoCookie,
        Value:    token,
        Path:     "/",
        HttpOnly: false,
        Secure:   false,
        Domain:   "localhost",
        Expires:  time.Now().AddDate(0, 0, 7),
        MaxAge:   0,
    })
}

//DestroySingleSignOn Gets rid of single sign on, in case a user logs out of the application.
func DestroySingleSignOn(r *http.Request, w http.ResponseWriter) {
    cookie, err := r.Cookie(ssoCookie)
    if err != nil || cookie.Value == "" {
        return
    }

    cookie = &http.Cookie{
        Name:     ssoCookie,
        Path:     "/",
        HttpOnly: false,
        Secure:   false,
        Domain:   "localhost",
        Expires:  time.Now(),
        MaxAge:   -1}

    http.SetCookie(w, cookie)
}

我遇到了一个明显的错误失败。

我针对 SetSingleSignOn 的所有测试都通过了，但是针对 DestroySingleSignOn 的完整性测试失败了。

测试

看起来像这样:

t.Run("SignedOnFirst", func(t *testing.T) {

    req := httptest.NewRequest("POST",
        "localhost:42100",
        nil)
    w := httptest.NewRecorder()

    SetSingleSignOn(w, "12446rewa12314")

    // assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
    DestroySingleSignOn(req, w)

    // get the cookie
    res := w.Result()
    fmt.Println(res.Cookies())

    assert.Equal(t, 1, len(res.Cookies()))
    cookie := *res.Cookies()[0]
    // cookie should be named ssoCookie
    assert.Equal(t,
        ssoCookie,
        cookie.Name)

    // cookie should have already expired
    assert.True(t,
        time.Now().After(cookie.Expires))

})

就好像 http.SetCookie(w, cookie) 根本没有被调用过一样!更奇怪的是，当我直接取消函数调用时

http.SetCookie(w, &http.Cookie{
    Name:     ssoCookie,
    Path:     "/",
    HttpOnly: false,
    Secure:   false,
    Domain:   "localhost",
    Expires:  time.Now(),
    MaxAge:   -1}

它似乎有效(最后一个 cookie 处于非事件状态)，但现在 res.Cookies() 中有两个 cookie!

这可能是什么原因造成的？

Answer 1

在您的 DestorySingleSignOn 函数中，您从这个 block 开始:

cookie, err := r.Cookie(ssoCookie)
if err != nil || cookie.Value == "" {
    return
}

请注意，您正在检查请求 中的 cookie，但 cookie 仅在响应 中设置。您需要发出请求以获取初始 cookie 集，然后使用该 cookie 发出第二个请求才能正常工作。

t.Run("SignedOnFirst", func(t *testing.T) {

    req := httptest.NewRequest("POST",
        "localhost:42100",
        nil)
    w := httptest.NewRecorder()

    SetSingleSignOn(w, "12446rewa12314")

    // get the initial cookie
    res := w.Result()
    cookie := res.Cookies()[0]

    // issue a second request with the cookie
    req = httptest.NewRequest("POST",
        "localhost:42100",
        nil)
    req.AddCookie(cookie)
    w = httptest.NewRecorder()

    // assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
    DestroySingleSignOn(req, w)

    // get the new cookie
    res = w.Result()
    fmt.Println(res.Cookies())

    assert.Equal(t, 1, len(res.Cookies()))
    cookie = *res.Cookies()[0]
    // cookie should be named ssoCookie
    assert.Equal(t,
        ssoCookie,
        cookie.Name)

    // cookie should have already expired
    assert.True(t,
        time.Now().After(cookie.Expires))

})