Test_Session_CSRF_Scenario() — fiber Function Reference
Architecture documentation for the Test_Session_CSRF_Scenario() function in session_test.go from the fiber codebase.
Dependency Diagram
graph TD
  d0f1d72f_76be_bdfa_e54f_292f1632ae6c["Test_Session_CSRF_Scenario()"]
  397e6e82_749b_4ef2_9365_02be671c59f7["session_test.go"]
  d0f1d72f_76be_bdfa_e54f_292f1632ae6c -->|defined in| 397e6e82_749b_4ef2_9365_02be671c59f7
  style d0f1d72f_76be_bdfa_e54f_292f1632ae6c fill:#6366f1,stroke:#818cf8,color:#fff
Source Code
middleware/session/session_test.go lines 1623–1677
func Test_Session_CSRF_Scenario(t *testing.T) {
	t.Parallel()

	store := NewStore(Config{
		IdleTimeout: 2 * time.Second, // Longer timeout to ensure session persists
	})
	app := fiber.New()

	// Simulate: First GET request creates session
	ctx1 := app.AcquireCtx(&fasthttp.RequestCtx{})
	sess1, err := store.Get(ctx1)
	require.NoError(t, err)
	require.True(t, sess1.Fresh())
	firstSessionID := sess1.ID()

	// Store some data (simulating CSRF token storage)
	sess1.Set("csrf_token", "token-123")
	require.NoError(t, sess1.Save())
	sess1.Release()
	app.ReleaseCtx(ctx1)

	// Small delay to ensure save completes
	time.Sleep(10 * time.Millisecond)

	// Simulate: POST request with valid session (before expiration)
	ctx2 := app.AcquireCtx(&fasthttp.RequestCtx{})
	ctx2.Request().Header.SetCookie("session_id", firstSessionID)
	sess2, err := store.Get(ctx2)
	require.NoError(t, err)
	require.False(t, sess2.Fresh(), "Session should not be fresh - it exists")
	require.Equal(t, firstSessionID, sess2.ID(), "Session ID should remain the same")
	require.Equal(t, "token-123", sess2.Get("csrf_token"))

	// Simulate CSRF validation failure (session is accessed but request fails)
	// Session should still maintain the same ID
	require.Equal(t, firstSessionID, sess2.ID())
	sess2.Release()
	app.ReleaseCtx(ctx2)

	// Wait for session to expire
	time.Sleep(2200 * time.Millisecond)

	// Simulate: POST request with expired session
	// This is the scenario the user reported - session data is gone
	ctx3 := app.AcquireCtx(&fasthttp.RequestCtx{})
	ctx3.Request().Header.SetCookie("session_id", firstSessionID)
	sess3, err := store.Get(ctx3)
	require.NoError(t, err)
	require.True(t, sess3.Fresh(), "Session should be fresh - old data expired")
	require.NotEqual(t, firstSessionID, sess3.ID(), "Should have generated new session ID (expected behavior)")
	require.Nil(t, sess3.Get("csrf_token"), "Old session data should be gone")
	sess3.Release()
	app.ReleaseCtx(ctx3)
}
Frequently Asked Questions
What does Test_Session_CSRF_Scenario() do?
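Test_Session_CSRF_Scenario() is a test function in the fiber codebase, defined in middleware/session/session_test.go. It walks one session through three simulated requests against a store configured with a 2-second IdleTimeout: a first request that creates a fresh session and saves a csrf_token value in it; a second request that presents the session_id cookie before the timeout and gets back the same session ID and token; and a third request that presents the same cookie after the session has expired and receives a fresh session with a new ID and no csrf_token.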
Where is Test_Session_CSRF_Scenario() defined?
Test_Session_CSRF_Scenario() is defined in middleware/session/session_test.go at line 1623.