ryan/games
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

fix: convert auth flows from SSE to standard HTTP to fix session cookies
Some checks failed
CI / Deploy / test (pull_request) Successful in 33s
Details
CI / Deploy / lint (pull_request) Failing after 38s
Details
CI / Deploy / deploy (pull_request) Has been skipped
Details

Browse Source 
Datastar's NewSSE() flushes HTTP headers before SCS's session middleware
can attach the Set-Cookie header, so the session cookie never reaches the
browser after login/register/logout.

Convert login, register, and logout to standard HTML forms with HTTP
redirects, which lets SCS write cookies normally. Also fix return_url
capture on the login page (was never being stored in the session).

Add handler tests covering login, register, and logout flows.
This commit is contained in:
Ryan Hamamura
2026-03-11 10:10:28 -10:00
parent 8573e87bf6
commit 72d31fd143
7 changed files with 424 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
features/lobby/handlers.go
View File

@@ -171,7 +171,6 @@ func HandleLogout(sessions *scs.SessionManager) http.HandlerFunc {
return
}
sse := datastar.NewSSE(w, r)
sse.ExecuteScript("window.location.href='/'") //nolint:errcheck
http.Redirect(w, r, "/", http.StatusSeeOther)
}
}

12
features/lobby/pages/lobby.templ
View File

@@ -20,13 +20,11 @@ templ LobbyPage(data LobbyData) {
if data.IsLoggedIn {
<div class="flex justify-center items-center gap-4 mb-4 p-2 bg-base-200 rounded-lg">
<span>Logged in as <strong>{ data.Username }</strong></span>
<button
type="button"
class="btn btn-ghost btn-sm"
data-on:click={ datastar.PostSSE("/logout") }
>
Logout
</button>
<form method="POST" action="/logout" class="inline">
<button type="submit" class="btn btn-ghost btn-sm">
Logout
</button>
</form>
</div>
} else {
<div class="alert text-sm mb-4">