ryan/games
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

fix: convert auth flows from SSE to standard HTTP to fix session cookies
Some checks failed
CI / Deploy / test (pull_request) Successful in 33s
Details
CI / Deploy / lint (pull_request) Failing after 38s
Details
CI / Deploy / deploy (pull_request) Has been skipped
Details

Browse Source 
Datastar's NewSSE() flushes HTTP headers before SCS's session middleware
can attach the Set-Cookie header, so the session cookie never reaches the
browser after login/register/logout.

Convert login, register, and logout to standard HTML forms with HTTP
redirects, which lets SCS write cookies normally. Also fix return_url
capture on the login page (was never being stored in the session).

Add handler tests covering login, register, and logout flows.
This commit is contained in:
Ryan Hamamura
2026-03-11 10:10:28 -10:00
parent 8573e87bf6
commit 72d31fd143
7 changed files with 424 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
features/lobby/handlers.go
View File

@@ -171,7 +171,6 @@ func HandleLogout(sessions *scs.SessionManager) http.HandlerFunc {
return
}
sse := datastar.NewSSE(w, r)
sse.ExecuteScript("window.location.href='/'") //nolint:errcheck
http.Redirect(w, r, "/", http.StatusSeeOther)
}
}