.circleci/config.yml

@@ -0,0 +1,65 @@
+version: 2.0
+
+jobs:
+  # Base test configuration for Go library tests Each distinct version should
+  # inherit this base, and override (at least) the container image used.
+  "test": &test
+    docker:
+      - image: circleci/golang:latest
+    working_directory: /go/src/github.com/gorilla/sessions
+    steps: &steps
+      - checkout
+      - run: go version
+      - run: go get -t -v ./...
+      - run: diff -u <(echo -n) <(gofmt -d .)
+      - run: if [[ "$LATEST" = true ]]; then go vet -v .; fi
+      - run: go test -v -race ./...
+
+  "latest":
+    <<: *test
+    environment:
+      LATEST: true
+
+
+  "1.12":
+    <<: *test
+    docker:
+      - image: circleci/golang:1.12
+
+  "1.11":
+    <<: *test
+    docker:
+      - image: circleci/golang:1.11
+
+  "1.10":
+    <<: *test
+    docker:
+      - image: circleci/golang:1.10
+
+  "1.9":
+    <<: *test
+    docker:
+      - image: circleci/golang:1.9
+
+  "1.8":
+    <<: *test
+    docker:
+      - image: circleci/golang:1.8
+
+  "1.7":
+    <<: *test
+    docker:
+      - image: circleci/golang:1.7
+
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      - "latest"
+      - "1.12"
+      - "1.11"
+      - "1.10"
+      - "1.9"
+      - "1.8"
+      - "1.7"

.github/stale.yml

@@ -0,0 +1,12 @@
+daysUntilStale: 60
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - v2
+  - needs-review
+  - work-required
+staleLabel: stale
+markComment: >
+  This issue has been automatically marked as stale because it hasn't seen
+  a recent update. It'll be automatically closed in a few days.
+closeComment: false

README.md

@@ -31,7 +31,7 @@ Let's start with an example that shows the sessions API in a nutshell:
 	// environmental variable, or flag (or both), and don't accidentally commit it
 	// alongside your code. Ensure your key is sufficiently random - i.e. use Go's
 	// crypto/rand or securecookie.GenerateRandomKey(32) and persist the result.
-	var store = sessions.NewCookieStore(os.Getenv("SESSION_KEY"))
+	var store = sessions.NewCookieStore([]byte(os.Getenv("SESSION_KEY")))
 
 	func MyHandler(w http.ResponseWriter, r *http.Request) {
 		// Get a session. We're ignoring the error resulted from decoding an
@@ -51,20 +51,8 @@ secret key used to authenticate the session. Inside the handler, we call
 some session values in session.Values, which is a `map[interface{}]interface{}`.
 And finally we call `session.Save()` to save the session in the response.
 
-Important Note: If you aren't using gorilla/mux, you need to wrap your handlers
-with
-[`context.ClearHandler`](http://www.gorillatoolkit.org/pkg/context#ClearHandler)
-or else you will leak memory! An easy way to do this is to wrap the top-level
-mux when calling http.ListenAndServe:
-
-```go
-	http.ListenAndServe(":8080", context.ClearHandler(http.DefaultServeMux))
-```
-
-The ClearHandler function is provided by the gorilla/context package.
-
 More examples are available [on the Gorilla
-website](http://www.gorillatoolkit.org/pkg/sessions).
+website](https://www.gorillatoolkit.org/pkg/sessions).
 
 ## Store Implementations
 

doc.go

@@ -59,14 +59,6 @@ session.Save(r, w), and either display an error message or otherwise handle it.
 Save must be called before writing to the response, otherwise the session
 cookie will not be sent to the client.
 
-Important Note: If you aren't using gorilla/mux, you need to wrap your handlers
-with context.ClearHandler as or else you will leak memory! An easy way to do this
-is to wrap the top-level mux when calling http.ListenAndServe:
-
-    http.ListenAndServe(":8080", context.ClearHandler(http.DefaultServeMux))
-
-The ClearHandler function is provided by the gorilla/context package.
-
 That's all you need to know for the basic usage. Let's take a look at other
 options, starting with flash messages.
 

go.mod

@@ -1,6 +1,3 @@
-module "github.com/gorilla/sessions"
+module github.com/gorilla/sessions
 
-require (
-	"github.com/gorilla/context" v1.1.1
-	"github.com/gorilla/securecookie" v1.1.1
-)
+require github.com/gorilla/securecookie v1.1.1

go.sum

@@ -0,0 +1,2 @@
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=

sessions.go

@@ -5,12 +5,11 @@
 package sessions
 
 import (
+	"context"
 	"encoding/gob"
 	"fmt"
 	"net/http"
 	"time"
-
-	"github.com/gorilla/context"
 )
 
 // Default flashes key.
@@ -108,15 +107,16 @@ const registryKey contextKey = 0
 
 // GetRegistry returns a registry instance for the current request.
 func GetRegistry(r *http.Request) *Registry {
-	registry := context.Get(r, registryKey)
+	var ctx = r.Context()
+	registry := ctx.Value(registryKey)
 	if registry != nil {
 		return registry.(*Registry)
 	}
 	newRegistry := &Registry{
 		request:  r,
 		sessions: make(map[string]sessionInfo),
 	}
-	context.Set(r, registryKey, newRegistry)
+	*r = *r.WithContext(context.WithValue(ctx, registryKey, newRegistry))
 	return newRegistry
 }
 

sessions_test.go

@@ -153,6 +153,37 @@ func TestFlashes(t *testing.T) {
 	if custom.Type != 42 || custom.Message != "foo" {
 		t.Errorf("Expected %#v, got %#v", FlashMessage{42, "foo"}, custom)
 	}
+
+	// Round 5 ----------------------------------------------------------------
+	// Check if a request shallow copy resets the request context data store.
+
+	req, _ = http.NewRequest("GET", "http://localhost:8080/", nil)
+
+	// Get a session.
+	if session, err = store.Get(req, "session-key"); err != nil {
+		t.Fatalf("Error getting session: %v", err)
+	}
+
+	// Put a test value into the session data store.
+	session.Values["test"] = "test-value"
+
+	// Create a shallow copy of the request.
+	req = req.WithContext(req.Context())
+
+	// Get the session again.
+	if session, err = store.Get(req, "session-key"); err != nil {
+		t.Fatalf("Error getting session: %v", err)
+	}
+
+	// Check if the previous inserted value still exists.
+	if session.Values["test"] == nil {
+		t.Fatalf("Session test value is lost in the request context!")
+	}
+
+	// Check if the previous inserted value has the same value.
+	if session.Values["test"] != "test-value" {
+		t.Fatalf("Session test value is changed in the request context!")
+	}
 }
 
 func TestCookieStoreMapPanic(t *testing.T) {