• middleware/csrf/session_manager.go (3 hunks)
• middleware/session/config.go (3 hunks)
• middleware/session/middleware.go (1 hunks)
• middleware/session/session.go (7 hunks)

middleware/csrf/session_manager.go (1)

57-68: Ensure thread safety when setting session tokens.

Verification successful

---

The Set method implementations found in the codebase indicate that thread safety measures are in place. Specifically:

• In middleware/session/middleware.go, the Set method uses a mutex (m.mu.Lock() and m.mu.Unlock()) to ensure thread safety.
• In middleware/session/data.go, the Set method also uses a lock (d.Lock() and d.Unlock()) to ensure thread safety.

These implementations confirm that the session management operations are thread-safe.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Check for potential data races when setting session tokens.
# Command: Run your Go data race detector tool on this section.

Length of output: 0

---

---

Script:

#!/bin/bash
# Description: Check if the session management library used in the codebase provides thread-safe operations.
# Command: Search for the session management library and inspect its documentation or implementation for thread safety.

# Find the session management library used in the codebase
session_lib=$(rg --files-with-matches 'session.FromContext' | head -n 1)

# Check if the session management library provides thread-safe operations
if [ -n "$session_lib" ]; then
  rg 'thread-safe' "$session_lib"
else
  echo "Session management library not found."
fi

Length of output: 208

---

---

Script:

#!/bin/bash
# Description: Extract and inspect the implementation of the `Set` method in the session management library to verify thread safety.

# Find the implementation of the `Set` method in the session management library
ast-grep --lang go --pattern 'func ($_ $_) Set($_, $_) $_' middleware/csrf/session_manager.go

Length of output: 95

---

---

Script:

#!/bin/bash
# Description: Search the entire codebase for the implementation of the `Set` method to verify thread safety.

# Find the implementation of the `Set` method in the entire codebase
ast-grep --lang go --pattern 'func ($_ $_) Set($_, $_) $_'

Length of output: 1417

middleware/session/config.go (1)

13-15: Renaming Expiration to IdleTimeout clarifies the purpose and aligns with best practices.

middleware/session/middleware.go (1)

31-37: Well-structured Middleware struct with appropriate use of synchronization for thread safety.

middleware/session/session.go (1)

16-22: The addition of idleTimeout in the Session struct is a positive change for better session management.

Files that changed from the base of the PR and between 8716c95 and f3c4e8e.

• docs/middleware/csrf.md (5 hunks)
• docs/middleware/session.md (1 hunks)
• docs/whats_new.md (3 hunks)
• middleware/csrf/config.go (3 hunks)
• middleware/csrf/csrf.go (3 hunks)
• middleware/csrf/csrf_test.go (5 hunks)
• middleware/csrf/session_manager.go (2 hunks)
• middleware/session/config.go (4 hunks)
• middleware/session/config_test.go (1 hunks)
• middleware/session/data.go (1 hunks)
• middleware/session/data_msgp.go (2 hunks)
• middleware/session/data_test.go (1 hunks)
• middleware/session/middleware.go (1 hunks)
• middleware/session/session.go (10 hunks)
• middleware/session/session_test.go (47 hunks)
• middleware/session/store.go (4 hunks)
• middleware/session/store_test.go (6 hunks)

• middleware/csrf/csrf_test.go
• middleware/session/config_test.go
• middleware/session/data_test.go

middleware/csrf/session_manager.go (1)

15-20: Improved type safety for session key management

The introduction of sessionKeyType and the sessionKey constant enhances type safety in session key management. This change aligns with Go best practices and helps prevent potential type-related errors.

middleware/session/config.go (3)

8-8: LGTM: Added log package for error handling

The addition of the log package from github.com/gofiber/fiber/v3/log is appropriate for the new error handling functionality introduced in this update.

---

108-115: LGTM: Updated ConfigDefault to align with new Config structure

The changes to ConfigDefault correctly reflect the updates made to the Config struct:

1. Removal of the Expiration field.
2. Addition of IdleTimeout with a sensible default of 30 minutes.
3. Explicit setting of source to SourceCookie.

These changes ensure consistency with the new session management approach introduced in this update.

---

Line range hint 1-190: Summary: Comprehensive improvements to session middleware configuration

This update to middleware/session/config.go successfully addresses the objectives outlined in the PR and the linked GitHub issue:

1. The session middleware has been re-written with improved configuration options, including IdleTimeout and AbsoluteTimeout, which provide more granular control over session expiration.
2. Error handling has been enhanced with the introduction of DefaultErrorHandler and improved error messages.
3. The changes align well with NIST guidelines on distinguishing between timeout and expiration.

The code quality is high, with thorough documentation and thoughtful error handling. The suggested minor improvements, if implemented, will further enhance the robustness and consistency of the package.

Overall, these changes significantly improve the session management capabilities of the Fiber framework.

middleware/csrf/config.go (1)

Line range hint 1-201: Summary of CSRF middleware configuration changes

The changes in this file align well with the PR objectives to address inconsistencies in session and CSRF middleware handling. Key modifications include:

1. Replacing Expiration with IdleTimeout in the Config struct and ConfigDefault.
2. Removing the SessionKey field from the Config struct.
3. Updating the configDefault function to use IdleTimeout.

These changes improve the consistency and clarity of the CSRF middleware configuration. However, they introduce breaking changes that may affect existing implementations, particularly the removal of SessionKey.

To ensure a smooth transition for users of this middleware, consider the following:

1. Update the package documentation to highlight these breaking changes.
2. Provide migration guidelines for users updating from the previous version.
3. Run the following script to identify any internal usages that might need updating:

#!/bin/bash
# Search for usages of Expiration and SessionKey in the codebase
rg --type go '(Expiration|SessionKey)'

This will help ensure that all related code is updated to reflect these changes.

middleware/session/middleware.go (7)

1-10: LGTM: Package declaration and imports are appropriate.

The package name and imports are well-suited for a session middleware implementation in Fiber.

---

167-184: LGTM: Well-implemented FromContext function.

The FromContext function correctly retrieves the Middleware from the Fiber context and gracefully handles the case where the middleware is not found.

---

186-233: LGTM: Well-implemented Set, Get, and Delete methods with proper concurrency safety.

These methods provide CRUD operations for session data and use appropriate locking mechanisms to ensure thread safety.

---

291-301: LGTM: Correctly implemented Store method.

The Store method simply returns the session store from the config, which is the expected behavior.

---

127-138: Increase test coverage for the saveSession method.

The saveSession method has good error handling, but static analysis indicates that the error handling paths are not covered by tests.

Consider adding test cases that trigger the error handling paths:

1. Test with a custom ErrorHandler
2. Test with the DefaultErrorHandler

To verify the current test coverage and identify gaps, run:

#!/bin/bash
# Check test coverage for the saveSession method
go test -v -coverprofile=coverage.out ./middleware/session
go tool cover -func=coverage.out | grep saveSession

This will help identify which parts of the saveSession method need additional test coverage.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 130-133: middleware/session/middleware.go#L130-L133
Added lines #L130 - L133 were not covered by tests

---

140-165: ⚠️ Potential issue

Improve error handling in acquireMiddleware and increase test coverage.

While using sync.Pool is good for performance, the panic in acquireMiddleware could lead to application crashes.

Consider handling the type assertion error more gracefully:

 func acquireMiddleware() *Middleware {
     m, ok := middlewarePool.Get().(*Middleware)
     if !ok {
-        panic(ErrTypeAssertionFailed.Error())
         // Log the error and return a new instance
         log.Printf("Type assertion failed in acquireMiddleware: %v", ErrTypeAssertionFailed)
         return &Middleware{}
     }
     return m
 }

Increase test coverage for both acquireMiddleware and releaseMiddleware, especially for error cases.

To check the current test coverage and identify gaps:

This will help ensure that all paths in these functions are properly tested.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 144-144: middleware/session/middleware.go#L144
Added line #L144 was not covered by tests

---

110-125: ⚠️ Potential issue

Improve error handling in the initialize method.

The current implementation panics if there's an error getting the session. This could lead to application crashes in production.

Consider handling the error more gracefully:

 func (m *Middleware) initialize(c fiber.Ctx, cfg Config) {
     m.mu.Lock()
     defer m.mu.Unlock()

     session, err := cfg.Store.getSession(c)
     if err != nil {
-        panic(err) // handle or log this error appropriately in production
         if cfg.ErrorHandler != nil {
             cfg.ErrorHandler(c, err)
         } else {
             DefaultErrorHandler(c, err)
         }
         return
     }

     m.config = cfg
     m.Session = session
     m.ctx = c

     c.Locals(middlewareContextKey, m)
 }

This change ensures that errors are handled consistently with the rest of the middleware.

To ensure this change doesn't introduce new issues, please run the following test:

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 117-117: middleware/session/middleware.go#L117
Added line #L117 was not covered by tests

middleware/csrf/csrf.go (3)

52-52: LGTM: Simplified session manager initialization

This change aligns with the PR objective of re-writing the session middleware. The simplified initialization improves code readability and maintainability.

---

237-237: LGTM: Consistent use of IdleTimeout in CSRF cookie update

This change is consistent with the previous modification in createOrExtendTokenInStorage. It further aligns the CSRF implementation with NIST guidelines and addresses issue #2741.

---

220-222: LGTM: Updated token storage with IdleTimeout

This change addresses issue #2741 by replacing Expiration with IdleTimeout, aligning with NIST guidelines on distinguishing between timeout and expiration.

To ensure consistency, let's verify if this change has been applied throughout the codebase:

✅ Verification successful

To ensure that all instances of Expiration have been appropriately replaced with IdleTimeout in the production codebase, let's verify that no such instances remain outside of test files:

---

Verified: 'Expiration' correctly replaced with 'IdleTimeout' in CSRF middleware

The change addresses issue #2741 by replacing Expiration with IdleTimeout within the CSRF middleware, aligning with NIST guidelines on distinguishing between timeout and expiration. Remaining instances of Expiration in other components like caching and rate limiting are contextually appropriate and do not affect the CSRF functionality.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining instances of 'Expiration' related to session or CSRF
# Test: Search for 'Expiration' in Go files. Expect: No occurrences related to session or CSRF timeout/expiration.
rg --type go 'Expiration' -C 3

Length of output: 27282

---

Script:

#!/bin/bash
# Description: Check for any remaining instances of 'Expiration' in non-test Go files.
# Test: Search for 'Expiration' in Go files excluding test files. Expect: No occurrences related to session or CSRF timeout/expiration.
rg --type go 'Expiration' -g '!*.test.go' -C 3

Length of output: 27298

middleware/session/session.go (4)

15-24: Approved: Session struct changes align with PR objectives

The renaming of exp to idleTimeout and the addition of the fresh field improve session management and align with the PR objectives. These changes address the inconsistencies in session handling and provide better clarity on the session state.

---

Line range hint 357-387: Approved: Improved setSession method with consistent timeout handling

The changes in the setSession method align well with the PR objectives. The use of idleTimeout instead of Expiration provides consistency with the rest of the session management logic. Setting both MaxAge and Expire for the cookie is a good practice that ensures better compatibility across different browsers.

These modifications contribute to a more robust and consistent session management system.

---

Line range hint 1-479: Summary: Significant improvements in session management

This PR introduces substantial enhancements to the session middleware, effectively addressing the inconsistencies highlighted in issue #2741. The changes include:

1. Renaming exp to idleTimeout for clarity.
2. Adding a fresh field to track new sessions.
3. Implementing a Release method for efficient session pool management.
4. Improving the Save method to prevent unnecessary saves.
5. Adding absolute expiration functionality.

These modifications align well with NIST guidelines and provide a more robust session management system. The suggested improvements, if implemented, will further enhance the code quality and maintainability.

To fully realize the benefits of these changes:

1. Consider implementing the suggested error handling improvements.
2. Enhance the documentation as proposed to clarify the different expiration mechanisms.
3. Improve test coverage for the identified uncovered lines.

Overall, this PR represents a significant step forward in addressing the session management inconsistencies and improving the overall quality of the middleware.

---

78-78: Consider improving test coverage

Static analysis has identified several lines that are not covered by tests:

• Line 78 in the Release method
• Lines 286 and 288 in the Save method
• Line 339 in the Keys method

While 100% test coverage isn't always necessary or practical, consider adding tests for these cases if feasible. This could improve the robustness of the codebase and catch potential edge case bugs.

To help identify which tests might be missing, you can run the following command:

This will generate an HTML report of the test coverage, which can help visualize which parts of the code need additional testing.

Also applies to: 286-286, 288-288, 339-339

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 78-78: middleware/session/session.go#L78
Added line #L78 was not covered by tests

docs/middleware/session.md (1)

Line range hint 1-458: Overall documentation quality is excellent with minor improvement opportunities

The updated session middleware documentation is comprehensive, well-structured, and informative. It effectively covers the changes introduced in v3 and provides clear guidance for users upgrading from v2. The addition of a migration guide, detailed type descriptions, and various usage examples significantly enhances the documentation's value.

To further improve this already high-quality documentation, consider the following suggestions:

1. Ensure consistent formatting throughout the document, particularly in method signatures and configuration property descriptions.
2. Expand examples to demonstrate more real-world scenarios, such as using custom types in sessions.
3. Add more context to new features like IdleTimeout and AbsoluteTimeout to help users understand their impact on session behavior.
4. Review the document for any remaining inconsistencies in terminology or explanations.

Overall, this documentation provides an excellent resource for users of the Fiber session middleware.

🧰 Tools

🪛 LanguageTool

[style] ~436-~436: Consider using “inaccessible” to avoid wordiness.
Context: ... | Ensures session cookie is not accessible to JavaScript (HTTP only). ...

(NOT_ABLE_PREMIUM)

docs/middleware/csrf.md (4)

37-37: LGTM: IdleTimeout configuration added correctly

The addition of IdleTimeout set to 30 minutes is consistent with the PR objectives and accurately reflects the new configuration option for the CSRF middleware.

---

126-126: LGTM: Default configuration updated correctly

The update to use IdleTimeout in the default configuration is consistent with the PR objectives and previous changes in the document. The 30-minute default value is correctly set.

---

145-145: LGTM: Recommended configuration updated correctly

The update to use IdleTimeout in the recommended configuration is consistent with the PR objectives and previous changes in the document. The 30-minute value is correctly set.

---

Line range hint 1-324: Overall documentation update is comprehensive and accurate

The changes to this documentation file are consistent and align well with the PR objectives. Key points:

1. Expiration has been replaced with IdleTimeout throughout the document.
2. The new default value of 30 minutes is correctly reflected in all relevant sections.
3. The token lifecycle explanation has been updated to accurately describe the new behavior.

These updates provide clear and accurate information about the new IdleTimeout feature in the CSRF middleware. The documentation now correctly reflects the changes in the middleware's behavior, which will help users understand and implement the CSRF protection effectively.

middleware/session/session_test.go (10)

Line range hint 20-35: Improved session management and resource handling

The changes in this segment enhance the test setup and teardown:

1. Using NewStore() instead of New() improves naming consistency.
2. Adding sess.Release() ensures proper resource management.
3. Releasing and reacquiring the context simulates a new request scenario.

These modifications contribute to more robust and realistic testing of the session middleware.

---

Line range hint 49-74: Enhanced key type flexibility and consistent resource management

1. The change from []string{} to []any{} for the keys expectation indicates improved flexibility in key types supported by the session.
2. The addition of sess.Release() at the end of the test ensures consistent resource cleanup.

These changes improve the robustness of the tests and reflect enhancements in the session implementation.

---

Line range hint 84-100: Improved resource management and test documentation

The changes in this segment enhance the test in several ways:

1. Adding sess.Release() ensures proper cleanup of session resources.
2. Releasing and reacquiring the context helps simulate a fresh request scenario.
3. The added comments improve the readability and clarity of the test flow.

These modifications contribute to more maintainable and understandable tests.

---

Line range hint 110-114: Enhanced error handling and test structure

The modifications in this segment improve the test robustness:

1. Adding defer sess.Release() ensures session cleanup even if the test fails.
2. Moving the freshness check after the error check improves the logical flow of the test.

These changes contribute to more reliable and structured testing of the session middleware.

---

Line range hint 121-195: Comprehensive improvements in session testing

This segment demonstrates several enhancements to the session type tests:

1. Consistent use of NewStore() aligns with earlier changes.
2. Multiple sess.Release() calls ensure proper resource management throughout the test.
3. Repeated release and reacquire of the context simulate multiple request scenarios, improving test coverage.
4. The change from []string{} to []any{} for keys expectation reflects increased flexibility in key types.

These modifications result in more thorough and realistic testing of the session middleware across various data types and scenarios.

---

330-503: Excellent addition of comprehensive key type testing

The new Test_Session_KeyTypes function greatly enhances the test suite:

1. It tests a wide range of key and value types, ensuring the session can handle various data types correctly.
2. The inclusion of checks for unregistered key types verifies the type safety of the session implementation.
3. The test covers both setting and retrieving values, ensuring consistency across operations.

This addition significantly improves the robustness and reliability of the session middleware by thoroughly testing its type handling capabilities.

---

Line range hint 557-616: Updated terminology and improved resource management

This segment shows important updates to the session timeout testing:

1. The function rename from Test_Session_Save_Expiration to Test_Session_Save_IdleTimeout reflects a change in terminology, likely aligning with updated session management concepts.
2. Replacing SetExpiry with SetIdleTimeout is consistent with this terminology change.
3. The addition of multiple sess.Release() calls ensures proper resource cleanup throughout the test.

These changes improve the clarity of the test's purpose and maintain consistent resource management practices.

---

617-681: Valuable addition of absolute timeout testing

The new Test_Session_Save_AbsoluteTimeout function is a significant enhancement to the test suite:

1. It introduces testing for absolute timeout functionality, complementing the existing idle timeout tests.
2. The test verifies that sessions expire correctly after the absolute timeout period.
3. The inclusion of a check for retrieving an expired session by ID covers an important edge case.

This addition ensures more comprehensive coverage of session timeout behaviors, contributing to a more robust and reliable session management system.

---

Line range hint 690-1260: Consistent application of improved resource management

The remaining changes in the file demonstrate a thorough and consistent approach to resource management:

1. Multiple instances of sess.Release() and defer sess.Release() have been added across various test and benchmark functions.
2. The use of defer in appropriate places ensures that sessions are properly released even if a test or benchmark fails.
3. These changes have been applied consistently throughout the file, including in complex scenarios like concurrency tests.

This systematic improvement in resource handling enhances the reliability and cleanliness of the test suite, reducing the risk of resource leaks and improving overall test stability.

---

Line range hint 1-1260: Comprehensive enhancements to session middleware testing

The changes in this file represent a significant improvement to the session middleware test suite:

1. Consistent resource management: The addition of sess.Release() calls throughout the file ensures proper cleanup of session resources.
2. Improved test coverage: New tests for various key types and absolute timeouts enhance the comprehensiveness of the suite.
3. Updated terminology: The shift from "expiration" to "idle timeout" reflects evolving session management concepts.
4. Enhanced error handling: The use of defer for session release improves the robustness of tests.
5. Better simulation of real-world scenarios: Releasing and reacquiring contexts mimics multiple request lifecycles.

These improvements contribute to a more reliable, thorough, and maintainable test suite, which in turn supports the development of a more robust session middleware.

middleware/session/data_msgp.go (3)

39-42: Ensure correct MessagePack encoding for empty maps.

The EncodeMsg method writes a fixed byte 0x80, which represents an empty map in MessagePack format. Since the data struct appears to have no fields to serialize, this is appropriate. However, confirm that writing an empty map aligns with the expected behavior of the session serialization.

Consider verifying that the data struct has no fields and that clients can correctly deserialize an empty map without errors.

---

50-50: Consistency in handling empty maps during marshaling.

Similar to EncodeMsg, the MarshalMsg method appends 0x80 to represent an empty map. Ensure that this approach is consistent with the rest of the codebase and that deserialization on the receiving end handles this correctly.

Also applies to: 52-54

---

89-90: Confirm the Msgsize calculation is accurate.

The Msgsize method now returns a constant value s = 1, which corresponds to the size of an empty map in MessagePack (1 byte for 0x80). Verify that this accurately reflects the serialized size of the data struct.

Files that changed from the base of the PR and between f3c4e8e and e41ee74.

• middleware/session/session.go (7 hunks)
• middleware/session/session_test.go (48 hunks)

middleware/session/session.go (4)

15-24: Approved: Session struct improvements align with PR objectives

The changes to the Session struct are well-aligned with the PR objectives:

1. Renaming exp to idleTimeout improves clarity and consistency with NIST guidelines on session management.
2. The addition of the fresh field allows for better tracking of newly created sessions.

These modifications enhance the overall session management capabilities and readability of the code.

---

269-290: Approved: Improved Save method with handler-aware logic

The changes to the Save method are well-thought-out and align with the PR objectives. The check for whether the session is being used in the handler prevents unnecessary saves, improving efficiency and potentially avoiding race conditions.

The separation of concerns by introducing a saveSession method is a good practice, enhancing code readability and maintainability.

Note: The static analysis tool indicates that lines 283 and 285 are not covered by tests. Consider adding test cases to cover these new code paths:

1. When the session is being used in the handler.
2. When the session is not being used in the handler.

This will ensure the new logic is thoroughly tested and maintain high code coverage.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 283-283: middleware/session/session.go#L283
Added line #L283 was not covered by tests

---

[warning] 285-285: middleware/session/session.go#L285
Added line #L285 was not covered by tests

---

336-347: Approved: Consistent renaming of SetIdleTimeout method

The renaming of SetExpiry to SetIdleTimeout is a positive change that aligns well with the PR objectives. This modification:

1. Improves clarity by using more precise terminology.
2. Enhances consistency with the new idleTimeout field in the Session struct.
3. Better reflects the method's purpose in the context of session management.

The updated documentation accurately describes the method's new name and purpose, which is crucial for maintaining clear and usable APIs.

---

Line range hint 1-501: Summary: Comprehensive improvements to session management

This PR introduces significant enhancements to the session management capabilities:

1. Improved terminology consistency (e.g., idleTimeout instead of exp).
2. Enhanced session lifecycle management with the new Release method.
3. More efficient saving mechanism that avoids unnecessary operations.
4. Introduction of absolute expiration alongside idle timeout.
5. Better alignment with NIST guidelines on session management.

These changes effectively address the issues raised in #2741 and improve the overall robustness of the session middleware.

Suggestions for minor improvements have been provided in individual comments, mainly focusing on consistency and error handling. Consider addressing these to further refine the implementation.

Great work on this comprehensive update to the session management system!

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 82-82: middleware/session/session.go#L82
Added line #L82 was not covered by tests

middleware/session/session_test.go (9)

Line range hint 20-35: Improved session store initialization and resource management

The changes in this segment look good. The use of NewStore() aligns with the refactoring mentioned in the PR objectives. Additionally, the introduction of sess.Release() and app.ReleaseCtx(ctx) calls improves resource management by ensuring that resources are properly released after use.

---

Line range hint 49-74: Enhanced flexibility in session key types

The changes in this segment improve the flexibility of the session middleware by allowing keys of any type, not just strings. This is evident from the change of []string{} to []any{} for the empty keys slice. This enhancement aligns well with the PR objectives of improving session management.

---

Line range hint 84-110: Improved resource management and error handling

The additions in this segment further enhance resource management. The use of defer sess.Release() ensures that the session is properly released even if an error occurs during the test execution. This is a good practice that improves the robustness of the tests.

---

Line range hint 121-287: Consistent refactoring applied to test setup

The changes in this large segment are consistent with the overall refactoring of the session middleware. The use of NewStore() and additional Release() calls maintain the improved resource management seen in earlier changes. The core test logic remains unchanged, which is good for preserving test coverage.

---

330-503: Comprehensive test added for session key types

Excellent addition of the Test_Session_KeyTypes function. This new test significantly enhances the coverage of the session middleware by testing various key types, including both primitive and custom types. The inclusion of checks for unregistered key types is particularly valuable, as it verifies the robustness of the type handling system. This addition aligns well with the PR objectives of improving session management and enhances the overall quality of the test suite.

---

Line range hint 557-616: Aligned test with new IdleTimeout terminology

The changes in this segment successfully update the test to use the new IdleTimeout terminology instead of Expiration. This includes renaming the test function to Test_Session_Save_IdleTimeout and using SetIdleTimeout instead of SetExpiry. These modifications accurately reflect the changes described in the PR objectives and ensure that the tests remain consistent with the updated session middleware implementation.

---

617-681: Crucial test added for AbsoluteTimeout functionality

The addition of Test_Session_Save_AbsoluteTimeout is a valuable enhancement to the test suite. This new test function verifies the behavior of sessions with absolute timeout settings, which is an important aspect of session management. The test comprehensively checks for session expiration and ensures that expired sessions cannot be retrieved by ID. This addition significantly improves the test coverage for timeout-related functionality and aligns perfectly with the PR objectives of enhancing session management.

---

Line range hint 984-1060: Consistent refactoring and improved resource management in benchmarks

The changes in the benchmark functions are consistent with the refactoring seen throughout the file. The use of NewStore() instead of New() aligns with earlier modifications. Importantly, the addition of sess.Release() calls after each benchmark iteration improves resource management, ensuring that sessions are properly cleaned up. These changes contribute to more accurate and reliable benchmark results by preventing resource leaks during testing.

---

Line range hint 1157-1260: Enhanced concurrency testing with improved resource management

The updates to the concurrency test are well-implemented and improve its robustness. The use of NewStore() is consistent with earlier changes, while the addition of sess.Release() calls ensures proper resource cleanup in concurrent scenarios. The introduction of a buffered channel for collecting errors is a smart improvement that prevents potential goroutine leaks. These changes collectively enhance the reliability of the concurrency test and align well with the overall improvements in resource management throughout the file.

Files that changed from the base of the PR and between e41ee74 and 07092c8.

• middleware/session/session_test.go (49 hunks)

middleware/session/session_test.go (15)

11-11: Improved session management and resource handling

The changes in this section demonstrate better resource management practices:

1. Use of NewStore() instead of New() for creating stores, which likely provides more flexibility or features.
2. Addition of sess.Release() calls ensures proper cleanup of session resources.
3. The import of the uuid package suggests enhanced functionality related to unique identifiers.

These modifications contribute to more robust and efficient session handling.

Also applies to: 21-21, 36-37, 89-89, 100-101

---

50-50: Enhanced type flexibility in session data handling

The modifications in the Test_Session_Types function demonstrate improved type handling:

1. Session keys are now managed using []any instead of []string, allowing for more flexible data types in sessions.
2. Consistent with earlier changes, sess.Release() calls have been added to ensure proper resource cleanup.

These changes contribute to more versatile session data management and maintain the improved resource handling pattern.

Also applies to: 64-64, 75-75, 196-196

---

297-297: Consistent improvements in resource management

The changes in the Test_Session_Store_Reset function maintain the pattern of improvements seen throughout the file:

1. Use of NewStore() for store creation.
2. Addition of sess.Release() for proper session cleanup.
3. Use of defer app.ReleaseCtx(ctx) ensures context release even in case of panics or early returns.

These modifications contribute to more robust and consistent resource management across different test scenarios.

Also applies to: 317-325

---

331-504: Comprehensive new test for session key types

The addition of the Test_Session_KeyTypes function significantly enhances the test suite:

1. It verifies the behavior of various key types in session data, including standard types and custom structs.
2. The test includes both positive cases (registered types) and negative cases (unregistered types), ensuring robust type handling.
3. It follows the established patterns of using NewStore(), sess.Release(), and deferred context release, maintaining consistency with other tests.

This new test function greatly improves the coverage and reliability of the session middleware's type handling capabilities.

---

558-558: Improved session timeout handling and consistent resource management

The changes in the Test_Session_Save_IdleTimeout function (previously Test_Session_Save_Expiration) demonstrate important improvements:

1. The renaming of the function and the change from SetExpiry to SetIdleTimeout indicate a more precise conceptualization of session timeouts, likely aligning better with real-world usage patterns.
2. The addition of sess.Release() calls maintains the consistent pattern of improved resource management seen throughout the file.

These modifications contribute to more accurate session timeout testing and maintain the improved resource handling pattern.

Also applies to: 583-583, 589-603

---

618-682: Comprehensive new test for absolute session timeouts

The addition of the Test_Session_Save_AbsoluteTimeout function significantly enhances the test suite:

1. It verifies the behavior of sessions with absolute timeout settings, a crucial aspect of session management.
2. The test covers both the validity of the session before expiration and the proper handling of expired sessions.
3. It includes an important check for the inability to retrieve an expired session by ID, ensuring proper security measures.
4. The function follows the established patterns of using NewStore(), sess.Release(), and deferred context release, maintaining consistency with other tests.

This new test function greatly improves the coverage and reliability of the session middleware's timeout handling capabilities, particularly for absolute timeouts.

---

691-691: Consistent improvement in session resource management

The changes in the Test_Session_Destroy function maintain the pattern of improved resource handling:

1. Addition of sess.Release() calls ensures proper cleanup of session resources.
2. Use of defer sess.Release() in the second part of the test guarantees session cleanup even in case of test failures.

These modifications contribute to more robust and consistent resource management, aligning with the improvements seen throughout the file.

Also applies to: 700-700, 730-730, 739-739

---

752-753: Consistent updates to session configuration testing

The changes in the Test_Session_Custom_Config function align with updates seen elsewhere in the file:

1. Use of NewStore() instead of New() for creating session stores.
2. Testing of IdleTimeout instead of Expiration, reflecting the shift in timeout handling terminology and functionality.

These modifications ensure that the custom configuration tests remain consistent with the updated session middleware API and concepts.

Also applies to: 756-757

---

788-788: Consistent improvement in session resource management

The changes in the Test_Session_Cookie_In_Middleware_Chain function maintain the pattern of improved resource handling:

1. Addition of sess.Release() calls ensures proper cleanup of session resources.
2. Use of defer sess.Release() guarantees session cleanup even in case of test failures.

These modifications contribute to more robust and consistent resource management, aligning with the improvements seen throughout the file.

Also applies to: 803-804, 807-807

---

820-820: Consistent improvement in session resource management

The changes in the Test_Session_Deletes_Single_Key function maintain the pattern of improved resource handling:

1. Addition of sess.Release() calls ensures proper cleanup of session resources.
2. Use of defer sess.Release() guarantees session cleanup even in case of test failures.

These modifications contribute to more robust and consistent resource management, aligning with the improvements seen throughout the file.

Also applies to: 831-831, 841-841, 847-847

---

862-862: Consistent updates and improvements in session handling

The changes in the Test_Session_Reset function align with improvements seen throughout the file:

1. Use of NewStore() instead of New() for creating session stores.
2. Addition of sess.Release() calls for proper resource management.
3. Updated check for empty keys using []any{} instead of []string{}, consistent with the improved type flexibility in session data handling.

These modifications ensure that the session reset tests remain consistent with the updated session middleware API and concepts, while also improving resource management.

Also applies to: 884-884, 906-906, 917-918

---

936-936: Consistent improvements in session handling and resource management

The changes in the Test_Session_Regenerate function align with improvements seen throughout the file:

1. Use of NewStore() instead of New() for creating session stores.
2. Addition of sess.Release() calls for proper resource management.
3. Use of defer sess.Release() ensures session cleanup even in case of test failures.

These modifications contribute to more robust and consistent resource management, while keeping the test aligned with the updated session middleware API.

Also applies to: 952-953, 966-966

---

985-985: Improved resource management in benchmark functions

The changes in all benchmark functions demonstrate a consistent improvement in resource handling:

1. Addition of sess.Release() calls ensures proper cleanup of session resources after each benchmark iteration.
2. Consistent use of NewStore() instead of New() for creating session stores.

These modifications are crucial for several reasons:

• They ensure that the benchmarks accurately reflect the true performance characteristics of the session middleware, including resource cleanup.
• They prevent potential resource leaks during benchmarking, which could skew results.
• They maintain consistency with the improvements made in the test functions, ensuring that benchmarks and tests use the middleware in the same way.

By implementing these changes, the benchmarks now provide a more accurate representation of the session middleware's performance and resource usage.

Also applies to: 996-997, 1003-1003, 1016-1017, 1025-1025, 1036-1038, 1046-1046, 1059-1061, 1071-1071, 1084-1084, 1090-1090, 1105-1105, 1113-1113, 1125-1125, 1133-1133, 1147-1147

---

Line range hint 1158-1262: Excellent addition of comprehensive concurrency test

The new Test_Session_Concurrency function is a significant and valuable addition to the test suite:

1. It verifies the thread-safety of the session middleware by simulating concurrent access using goroutines.
2. The test covers crucial aspects of session handling in a concurrent environment:
   • Session creation and retrieval
   • Data persistence across requests
   • Proper handling of session freshness
   • Correct functioning of session destruction
3. It employs good concurrent programming practices:
   • Use of sync.WaitGroup for synchronization
   • Buffered channel for collecting errors from goroutines
   • Proper resource management with deferred releases

This test greatly enhances the reliability of the session middleware by ensuring its correct behavior under concurrent access, which is crucial for real-world web applications.

---

Line range hint 1-1290: Summary of improvements in session middleware tests

The changes in this file represent a significant enhancement to the session middleware test suite:

1. Consistent improvement in resource management:

   • Addition of sess.Release() calls throughout all tests and benchmarks.
   • Use of defer for ensuring cleanup in various scenarios.

2. API updates:

   • Consistent use of NewStore() instead of New() for store creation.
   • Shift from Expiration to IdleTimeout in configuration and testing.

3. Enhanced type handling:

   • Use of []any instead of []string for session keys, allowing more flexible data types.

4. New comprehensive tests:

   • Addition of Test_Session_KeyTypes for thorough type handling verification.
   • Introduction of Test_Session_Save_AbsoluteTimeout for testing absolute timeout behavior.
   • Implementation of Test_Session_Concurrency for verifying thread-safety.
   • Addition of Test_Session_StoreGetDecodeSessionDataError for robust error handling checks.

5. Improved benchmark accuracy:

   • Inclusion of resource cleanup in benchmarks for more realistic performance measurements.

These changes collectively contribute to a more robust, reliable, and comprehensive test suite for the session middleware. The improvements in resource management and the addition of new test scenarios will likely lead to increased stability and accuracy in test results, as well as better coverage of real-world usage patterns and edge cases.

Files that changed from the base of the PR and between 07092c8 and 84adbe1.

• middleware/session/session_test.go (49 hunks)
• middleware/session/store.go (4 hunks)

middleware/session/store.go (8)

16-20: Improved error handling with new error variables

The addition of these new error variables enhances the error handling capabilities of the package. The error messages are consistent in capitalization and terminology, following Go conventions.

---

53-62: Enhanced NewStore function with custom type registration

The addition of custom type registration for AbsoluteTimeout improves the flexibility of the session store. This change allows for better handling of absolute timeouts in sessions.

---

77-104: Improved Get method with better documentation and session loading check

The Get method has been enhanced with detailed documentation and a check to prevent duplicate session loading. This improvement helps prevent potential issues and improves the overall robustness of the session handling.

---

106-121: Added documentation for getSession method

The addition of detailed documentation for the getSession method improves the overall clarity of the codebase and helps developers understand the method's purpose and usage.

---

187-196: Added documentation for getSessionID method

The addition of detailed documentation for the getSessionID method enhances the overall clarity of the codebase and aids developers in understanding the method's purpose and usage.

---

221-230: Added documentation for Reset method

The addition of detailed documentation for the Reset method improves the overall clarity of the codebase and helps developers understand the method's purpose and potential error handling.

---

236-248: Added documentation for Delete method

The addition of detailed documentation for the Delete method enhances the overall clarity of the codebase and aids developers in understanding the method's purpose, parameters, and potential error handling.

---

Line range hint 1-324: Overall assessment: Significant improvements to the session store implementation

The changes made to middleware/session/store.go represent a substantial improvement to the session management functionality. Key enhancements include:

1. Introduction of specific error variables for better error handling.
2. Renaming of the New function to the more descriptive NewStore.
3. Addition of comprehensive documentation for all methods.
4. Implementation of absolute timeout handling for sessions.
5. Introduction of the GetByID method for direct session retrieval.

These changes collectively improve the package's usability, robustness, and maintainability. The code is well-structured, and the new features are implemented with careful consideration for error handling and edge cases.

middleware/session/session_test.go (27)

11-11: LGTM: Added UUID package import

The addition of the github.com/google/uuid import is appropriate for generating UUIDs in the tests. This is a reliable and widely-used package for this purpose.

---

21-21: LGTM: Updated store initialization

The change from New() to NewStore() is consistent with the PR objectives mentioning a re-write of the session middleware. This new initialization method likely provides enhanced functionality or configuration options.

---

36-37: LGTM: Improved resource management

The addition of sess.Release() and the reacquisition of the context enhance resource management and ensure a clean state for subsequent test operations. This change aligns with best practices for handling sessions and contexts in tests.

---

50-50: LGTM: Enhanced type flexibility for session keys

The change from []string{} to []any{} in the assertions for sess.Keys() indicates increased flexibility in the types of keys that can be stored in the session. This modification allows for a more versatile session storage system.

Also applies to: 64-64

---

85-87: LGTM: Consistent resource cleanup

The addition of explicit sess.Release() and app.ReleaseCtx(ctx) calls ensures proper cleanup of resources after test operations. This change is consistent with earlier modifications and reinforces good resource management practices throughout the test suite.

---

100-101: LGTM: Consistent session release

The addition of sess.Release() after checking for a fresh session ensures consistent resource cleanup, even in this specific test scenario. This change aligns with the improved resource management practices implemented throughout the test suite.

---

111-111: LGTM: Robust session cleanup with defer

The addition of a deferred sess.Release() call ensures that the session is properly released even in case of early returns or panics. This is a robust Go practice for resource management and improves the overall reliability of the test cleanup.

---

122-122: LGTM: Consistent store initialization

The change from New() to NewStore() in the Test_Session_Types function maintains consistency with earlier modifications. This ensures that the new store initialization method is used uniformly across all tests in the suite.

---

196-198: LGTM: Consistent resource management in Test_Session_Types

The addition of session release and context reacquisition in the Test_Session_Types function maintains consistency with the resource management improvements implemented throughout the test suite. These changes ensure a clean state between different parts of the test, enhancing test isolation and reliability.

---

288-289: LGTM: Final session cleanup in Test_Session_Types

The addition of sess.Release() at the end of the Test_Session_Types function ensures proper cleanup of the session resource. This change completes the consistent resource management pattern implemented throughout the test suite.

---

297-297: LGTM: Consistent store initialization in Test_Session_Store_Reset

The change from New() to NewStore() in the Test_Session_Store_Reset function maintains consistency with earlier modifications. This ensures that the new store initialization method is used uniformly across all tests in the suite.

---

317-325: LGTM: Enhanced resource management in Test_Session_Store_Reset

The additions of session release, context reacquisition, and deferred releases in the Test_Session_Store_Reset function align with the improved resource management practices implemented throughout the test suite. The use of defer ensures proper cleanup even in case of early returns or panics, enhancing overall test reliability.

---

513-513: LGTM: Consistent store initialization in Test_Session_Save

The change from New() to NewStore() in the Test_Session_Save function maintains consistency with earlier modifications. This ensures that the new store initialization method is used uniformly across all tests in the suite.

---

528-528: LGTM: Consistent session cleanup in Test_Session_Save

The addition of sess.Release() calls at the end of each subtest in Test_Session_Save ensures proper cleanup of session resources. These changes maintain consistency with the improved resource management practices implemented throughout the test suite.

Also applies to: 554-554

---

709-709: LGTM: Consistent updates in Test_Session_Destroy

The changes in Test_Session_Destroy, including the use of NewStore() for initialization and the addition of session releases, align with the modifications seen throughout the file. These updates improve resource management and maintain consistency across the test suite.

Also applies to: 730-730, 748-748, 757-757

---

770-775: LGTM: Improved configuration testing

The updates in Test_Session_Custom_Config enhance the testing of configuration options. The use of NewStore() with custom configuration and the checks for both custom and default values provide better coverage for the store's configuration capabilities.

---

782-782: LGTM: Enhanced cookie testing and consistent updates

The changes in Test_Session_Cookie, including the use of NewStore(), addition of session release, and updated cookie checking logic, align with the improvements seen throughout the file. The more specific cookie validation enhances the test's effectiveness.

Also applies to: 794-795, 797-799

---

806-806: LGTM: Consistent updates in middleware chain test

The changes in Test_Session_Cookie_In_Middleware_Chain, including the use of NewStore() and the addition of session releases, align with the improvements seen throughout the file. These updates enhance resource management and maintain consistency across the test suite.

Also applies to: 821-822, 825-825

---

838-838: LGTM: Consistent resource management in single key deletion test

The updates in Test_Session_Deletes_Single_Key, including the use of NewStore() and the addition of session releases (including a deferred release), align with the improvements seen throughout the file. These changes enhance resource management and maintain consistency across the test suite.

Also applies to: 849-849, 859-859, 865-865

---

880-880: LGTM: Consistent updates and improved type handling in reset test

The changes in Test_Session_Reset, including the use of NewStore(), addition of session releases, and updated type assertion, align with the improvements seen throughout the file. The change from []string to []any enhances type flexibility. These updates improve resource management and maintain consistency across the test suite.

Also applies to: 902-902, 924-924, 935-936

---

954-954: LGTM: Consistent updates in regenerate test

The changes in Test_Session_Regenerate, including the use of NewStore() and the addition of session releases, align with the improvements seen throughout the file. These updates enhance resource management and maintain consistency across the test suite.

Also applies to: 970-971, 984-984

---

Line range hint 1003-1015: LGTM: Improved resource management in benchmarks

The updates in Benchmark_Session, including the use of NewStore() and the addition of session releases within the benchmark loops, align with the improvements seen throughout the file. These changes ensure proper resource management even during performance testing, which is crucial for accurate benchmarking results.

Also applies to: 1021-1035

---

Line range hint 1043-1056: LGTM: Consistent resource management in parallel benchmarks

The changes in Benchmark_Session_Parallel, including the use of NewStore() and the addition of session releases within the parallel benchmark loops, align with the improvements seen throughout the file. These updates ensure proper resource management even during parallel performance testing, which is essential for accurate and reliable benchmark results.

Also applies to: 1064-1079

---

Line range hint 1089-1102: LGTM: Improved resource management in asserted benchmarks

The updates in Benchmark_Session_Asserted, including the use of NewStore() and the addition of session releases within the asserted benchmark loops, align with the improvements seen throughout the file. These changes ensure proper resource management even during asserted performance testing, contributing to more accurate and reliable benchmark results.

Also applies to: 1108-1123

---

Line range hint 1131-1143: LGTM: Consistent resource management in parallel asserted benchmarks

The changes in Benchmark_Session_Asserted_Parallel, including the use of NewStore() and the addition of session releases within the parallel asserted benchmark loops, align with the improvements seen throughout the file. These updates ensure proper resource management even during parallel asserted performance testing, contributing to more accurate and reliable benchmark results.

Also applies to: 1151-1165

---

1176-1176: LGTM: Enhanced resource management in concurrency test

The updates in Test_Session_Concurrency, including the use of NewStore() and the addition of session releases in concurrent test operations, align with the improvements seen throughout the file. These changes ensure proper resource management even during concurrent testing scenarios, which is crucial for detecting race conditions and ensuring thread-safety of the session handling.

Also applies to: 1190-1190, 1214-1216, 1233-1233

---

Line range hint 1-1319: Overall: Significant improvements in session testing and resource management

This update to the session middleware test file brings substantial enhancements:

1. Consistent use of NewStore() for initialization across all tests and benchmarks.
2. Significantly improved resource management with consistent session releases.
3. Enhanced test coverage, including new tests for key types, absolute timeout, and error handling.
4. Updated benchmarks to ensure proper resource management during performance testing.
5. Improved concurrency testing to ensure thread-safety of session handling.

These changes align well with the PR objectives of re-writing the session middleware with improved management and error handling. The expanded test coverage, especially for new features like absolute timeout and various key types, contributes to the overall robustness of the session middleware.

The consistent updates across all test

Files that changed from the base of the PR and between 84adbe1 and eac16b6.

• middleware/session/session.go (8 hunks)
• middleware/session/session_test.go (50 hunks)
• middleware/session/store.go (4 hunks)
• middleware/session/store_test.go (6 hunks)

middleware/session/store_test.go (7)

23-23: LGTM: Consistent renaming of New() to NewStore()

The changes in the Test_Store_getSessionID function correctly implement the renaming of New() to NewStore(). This maintains consistency with the updated API and doesn't alter the logic of the test cases.

Also applies to: 36-38, 51-53

---

76-76: LGTM: Consistent renaming in Test_Store_Get

The change in the Test_Store_Get function correctly implements the renaming of New() to NewStore(). This maintains consistency with the updated API and doesn't alter the logic of the test case.

---

96-96: LGTM: Consistent renaming in Test_Store_DeleteSession

The change in the Test_Store_DeleteSession function correctly implements the renaming of New() to NewStore(). This maintains consistency with the updated API and doesn't alter the logic of the test case.

---

120-140: Good addition, but consider using NewStore()

The new test case TestStore_Get_SessionAlreadyLoaded is a valuable addition, covering an important error scenario. However, at line 132, consider using NewStore() instead of &Store{} to ensure proper initialization and consistency with other tests:

store := NewStore()

This change will ensure that any initialization logic in NewStore() is not bypassed.

---

142-156: LGTM: Comprehensive test cases for Delete method

The new TestStore_Delete function adds valuable test coverage for the Delete method. It correctly tests two important scenarios:

1. Attempting to delete with an empty session ID (expecting an error).
2. Attempting to delete a non-existing session (expecting no error).

The use of NewStore() is consistent with other tests, and the error checking is appropriate.

---

158-218: LGTM with a suggestion: Release the acquired context

The new Test_Store_GetByID function is a great addition, providing comprehensive coverage for the GetByID method across various scenarios. However, there's a minor improvement to be made:

At line 182, a new context is acquired:

ctx := fiber.New().AcquireCtx(&fasthttp.RequestCtx{})

To prevent potential resource leaks, especially in tests that may run in parallel, it's recommended to release this context after use. Add the following line at the end of the "valid session ID" subtest:

fiber.New().ReleaseCtx(ctx)

This ensures proper cleanup of resources and aligns with best practices for context management in Fiber.

---

Line range hint 1-218: Overall assessment: Good improvements with minor suggestions

The changes to middleware/session/store_test.go are generally well-implemented and valuable:

1. Consistent renaming of New() to NewStore() throughout the file.
2. Addition of new test cases (TestStore_Get_SessionAlreadyLoaded, TestStore_Delete, and Test_Store_GetByID) that improve coverage and test important scenarios.

Minor suggestions for improvement:

1. In TestStore_Get_SessionAlreadyLoaded, consider using NewStore() instead of &Store{} for consistency.
2. In the "valid session ID" subtest of Test_Store_GetByID, remember to release the acquired context to prevent potential resource leaks.

These changes significantly enhance the test suite for the session middleware, providing better coverage and aligning with best practices.

middleware/session/store.go (4)

16-20: Improved error handling with new error variables

The addition of these new error variables enhances the error handling capabilities of the package. The error messages are clear, consistent, and follow Go conventions.

---

77-104: Enhanced Get method with duplicate loading prevention

The addition of a check for an already loaded session is a valuable safeguard against potential inconsistencies. The detailed documentation provides clear guidance on the method's behavior and possible errors.

---

236-254: Improved Delete method with input validation

The addition of detailed documentation and the check for an empty session ID enhance the method's usability and robustness. The empty ID check is a good safeguard against potential errors.

---

Line range hint 1-322: Overall assessment: Significant improvements to session management

The changes made to middleware/session/store.go represent a substantial enhancement to the session management capabilities of the package. Key improvements include:

1. Better error handling with new, specific error variables
2. Enhanced documentation across all methods
3. Improved session retrieval and management logic
4. New features such as absolute timeout handling

The identified issues are minor and can be easily addressed. Once these are resolved and test coverage is improved for the error handling paths, the changes will greatly benefit the overall quality and functionality of the session management system.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 290-290: middleware/session/store.go#L290
Added line #L290 was not covered by tests

---

[warning] 315-315: middleware/session/store.go#L315
Added line #L315 was not covered by tests

middleware/session/session.go (8)

15-24: Approved: Session struct improvements

The changes to the Session struct are well-aligned with the PR objectives. Renaming exp to idleTimeout improves clarity, and the addition of the fresh field enhances session management capabilities.

---

26-31: Approved: New constants for absolute expiration

The addition of absExpirationKeyType and absExpirationKey provides a structured way to manage absolute expiration times for sessions. This enhancement aligns well with the PR objectives for improved session management.

---

41-42: Approved: Improved sessionPool initialization

The change to return a pointer to a new Session in the sessionPool's New function ensures proper initialization of new sessions. This is a good practice for memory management and consistency.

---

296-322: Approved: New saveSession method for improved session management

The addition of the saveSession method is a good improvement in code organization. It separates the concerns of saving session data from the main Save method, enhancing maintainability. The automatic setting of idleTimeout ensures consistent session management across the application.

---

340-351: Approved: Renamed SetIdleTimeout method

The renaming of SetExpiry to SetIdleTimeout is a positive change that improves clarity and consistency in the API. This aligns well with the PR objectives to address inconsistencies in session handling. The updated documentation accurately reflects the method's purpose.

---

Line range hint 354-387: Approved: Updated setSession method using idleTimeout

The changes in the setSession method correctly implement the use of idleTimeout for setting cookie expiration. This is consistent with the earlier changes in the Session struct and ensures that session cookies are managed correctly based on the idle timeout.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 287-287: middleware/session/session.go#L287
Added line #L287 was not covered by tests

---

[warning] 289-289: middleware/session/session.go#L289
Added line #L289 was not covered by tests

---

[warning] 335-335: middleware/session/session.go#L335
Added line #L335 was not covered by tests

---

Line range hint 1-513: Overall assessment: Significant improvements in session management

This PR introduces substantial enhancements to the session middleware:

1. Improved clarity with the renaming of exp to idleTimeout.
2. Enhanced resource management with the new Release method.
3. More efficient session saving with handler-aware checks.
4. Better separation of concerns with the new saveSession method.
5. Introduction of absolute expiration management.

These changes align well with the PR objectives and address the issues raised in #2741. The code is generally well-structured and documented.

Some minor suggestions for improvement have been made:

• Enhancing error handling in acquireSession.
• Adding a check to prevent double release in the Release method.
• Improving test coverage for the new code paths in the Save method.
• Adding a method to clear absolute expiration.

Overall, this is a solid improvement to the session middleware.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 82-82: middleware/session/session.go#L82
Added line #L82 was not covered by tests

---

269-294: Approved: Improved Save method with handler-aware logic

The changes to the Save method are well-thought-out and align with the PR objectives. The check for whether the session is being used in the handler prevents unnecessary saves, improving efficiency.

Note: The static analysis tool indicates that lines 287 and 289 are not covered by tests. Consider adding test cases to cover these new code paths to ensure robustness.

To verify the test coverage, you can run the following command:

This will help identify the specific lines that need additional test coverage.

🧰 Tools

🪛 GitHub Check: codecov/patch

[warning] 287-287: middleware/session/session.go#L287
Added line #L287 was not covered by tests

---

[warning] 289-289: middleware/session/session.go#L289
Added line #L289 was not covered by tests

middleware/session/session_test.go (9)

11-11: LGTM: Added import for uuid package

The addition of the "github.com/google/uuid" import is appropriate for generating unique identifiers in session management.

---

21-21: Improved session management and flexibility

1. Changed from New() to NewStore() for store creation, which aligns with the new naming convention.
2. Added sess.Release() and app.ReleaseCtx(ctx) calls, improving resource management by explicitly releasing sessions and contexts.
3. Changed key type from []string to []any, allowing for more flexible key types in sessions.

These changes enhance the overall robustness and flexibility of the session management system.

Also applies to: 36-37, 50-50, 64-64, 75-75, 85-87, 100-101

---

513-513: Enhanced session lifecycle management

1. Consistently changed from New() to NewStore() for store creation.
2. Added sess.Release() calls, further improving resource management.
3. Changed from SetExpiry() to SetIdleTimeout(), indicating a more precise approach to session timeout handling.
4. Added new verification code to ensure proper session expiration and creation of new sessions.

These changes significantly improve the session lifecycle management, ensuring proper resource cleanup and more accurate timeout handling.

Also applies to: 528-528, 534-534, 554-554, 566-566, 583-583, 589-589, 602-603, 608-615

---

558-558: Improved test coverage for session timeout mechanisms

1. Renamed Test_Session_Save_Expiration to Test_Session_Save_IdleTimeout, accurately reflecting the change in timeout mechanism.
2. Added new test function Test_Session_Save_AbsoluteTimeout, which provides coverage for the newly implemented absolute timeout feature.

These changes enhance the test suite by ensuring both idle timeout and absolute timeout mechanisms are properly tested. The new test thoroughly checks various aspects of the absolute timeout behavior, including:

• Correct timeout application
• Session data persistence and retrieval
• Proper session expiration and recreation

This addition significantly improves the robustness of the session management testing.

Also applies to: 618-698

---

709-709: Improved session management, flexibility, and verification

1. Consistently changed from New() to NewStore() for store creation throughout the file.
2. Added sess.Release() calls in various places, ensuring proper resource management.
3. Introduced a custom key generator in the store configuration, allowing for more flexibility in session ID creation.
4. Added cookie verification code to ensure that session cookies are properly set.

These changes enhance the overall robustness of the session management system by improving resource handling, allowing for custom session ID generation, and verifying proper cookie setting. The consistency in using NewStore() and Release() calls throughout the file is commendable.

Also applies to: 718-718, 730-730, 748-748, 757-757, 770-771, 774-775, 782-782, 794-795, 797-799, 806-806, 821-822, 825-825, 838-838, 849-849, 859-859, 865-865, 880-880

---

902-902: Consistent improvement in resource management

Throughout these changes, there's a clear focus on improving and maintaining consistent resource management:

1. Added sess.Release() calls consistently across various test functions and benchmarks.
2. Included app.ReleaseCtx(c) calls where appropriate to release context resources.
3. Continued the pattern of changing from New() to NewStore() for store creation.

These modifications significantly enhance the overall resource handling in the test suite. By explicitly releasing sessions and contexts, the code reduces the risk of resource leaks and improves overall performance, especially in benchmark scenarios.

The consistency in applying these changes across different parts of the file is commendable and contributes to a more robust and reliable test suite.

Also applies to: 924-924, 935-936, 954-954, 970-971, 984-984, 1003-1003, 1014-1015, 1021-1021, 1034-1035, 1043-1043, 1054-1056, 1064-1064, 1077-1079, 1089-1089, 1102-1102, 1108-1108, 1123-1123, 1131-1131, 1143-1143, 1151-1151, 1165-1165, 1176-1176

---

1280-1318: Excellent addition of error handling test

The new test function Test_Session_StoreGetDecodeSessionDataError is a valuable addition to the test suite. It covers an important edge case in session management:

1. It simulates a scenario where invalid session data is stored.
2. It tests both store.Get() and store.GetByID() methods with this invalid data.
3. It verifies that appropriate errors are returned and that the error messages are as expected.

This test enhances the robustness of the session management system by ensuring proper handling of corrupted or invalid session data. It's particularly important for maintaining data integrity and security in the session middleware.

The structure of the test is clear and thorough, making it easy to understand the scenario being tested and the expected outcomes.

---

Line range hint 1-1318: Summary: Significant improvements in session management and testing

The changes in this file represent a substantial enhancement to the session middleware and its testing suite:

1. Consistent improvement in resource management through the addition of Release() calls for both sessions and contexts.
2. Introduction of new timeout mechanisms, including the change from expiration to idle timeout and the addition of absolute timeout.
3. Enhanced flexibility with the use of []any for session keys and the option for custom key generators.
4. Improved error handling and edge case coverage, particularly with the new test for decoding invalid session data.
5. Better naming conventions and consistency in function calls (e.g., NewStore() instead of New()).

These modifications significantly contribute to the robustness, efficiency, and maintainability of the session middleware. The expanded test coverage ensures that the new features and edge cases are properly handled, reducing the likelihood of bugs in production.

The changes align well with the stated objectives in the PR description, particularly in re-writing the session middleware with improved management and introducing breaking changes for better consistency and adherence to standards.

---

1190-1190: Improved session handling and resource management

1. Changed from store.Get(localCtx) to store.getSession(localCtx), potentially using a new internal method for session retrieval.
2. Added sess.Release() and defer sess.Release() calls, further improving resource management.

These changes continue to enhance the resource handling in the test suite. The use of getSession instead of Get might indicate a more specific or optimized method for session retrieval in this context.

To ensure the correctness of the getSession method, please run the following verification:

Also applies to: 1214-1216, 1233-1233

✅ Verification successful

Session retrieval method verified

The getSession method exists and is utilized correctly within the middleware/session package. The changes effectively enhance session handling and resource management as intended.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the existence and usage of the getSession method
rg --type go "func.*getSession" ./middleware/session
rg --type go "store\.getSession" ./middleware/session

Length of output: 1112

Files that changed from the base of the PR and between eac16b6 and e5e5fd8.

• docs/middleware/session.md (1 hunks)
• middleware/session/store.go (4 hunks)
• middleware/session/store_test.go (6 hunks)

middleware/session/store_test.go (5)

23-23: LGTM: Consistent renaming of New() to NewStore()

The changes in the Test_Store_getSessionID function correctly implement the renaming of New() to NewStore(). This modification is consistent across all test cases within the function, maintaining the intended functionality while updating the API.

Also applies to: 36-38, 51-53

---

76-76: LGTM: Consistent renaming in Test_Store_Get

The change in the Test_Store_Get function correctly implements the renaming of New() to NewStore(). This modification maintains consistency with the updated API.

---

96-96: LGTM: Consistent renaming in Test_Store_DeleteSession

The change in the Test_Store_DeleteSession function correctly implements the renaming of New() to NewStore(). This modification maintains consistency with the updated API.

---

142-156: LGTM: Comprehensive test cases for Store.Delete

The new TestStore_Delete function is a valuable addition to the test suite. It covers two important scenarios:

1. Attempting to delete a session with an empty ID, which correctly returns an ErrEmptySessionID error.
2. Attempting to delete a non-existing session, which correctly doesn't return an error.

These test cases enhance the robustness of the session deletion functionality and provide good coverage for edge cases.

---

Line range hint 1-217: Overall assessment: Significant improvement in test coverage

The changes to middleware/session/store_test.go represent a substantial enhancement to the test suite for session management. Key improvements include:

1. Consistent renaming of New() to NewStore() across all test cases.
2. Addition of new test functions that cover important scenarios:
   • TestStore_Get_SessionAlreadyLoaded
   • TestStore_Delete
   • Test_Store_GetByID

These additions significantly improve the test coverage for session creation, retrieval, manipulation, and deletion. They also address edge cases and error conditions, enhancing the overall robustness of the session management system.

The suggested minor improvements (using NewStore() consistently and releasing acquired contexts) will further refine the test suite. Overall, these changes contribute to a more comprehensive and reliable testing framework for the session middleware.

middleware/session/store.go (4)

16-20: LGTM: New error variables enhance error handling

The introduction of ErrSessionAlreadyLoadedByMiddleware and ErrSessionIDNotFoundInStore, along with the update to ErrEmptySessionID, improves error handling specificity. The error messages are consistent and follow Go conventions.

---

35-62: LGTM: Improved NewStore function with enhanced documentation and functionality

The renaming of New to NewStore improves clarity. The added documentation, including parameters, return values, and usage examples, enhances developer understanding. The new absolute timeout handling aligns well with the PR objectives for improved session management.

---

77-104: LGTM: Enhanced Get method with improved error handling

The addition of a check for sessions already loaded by middleware prevents potential issues with duplicate loading. The updated documentation clearly explains this new behavior, enhancing the method's usability and robustness.

---

237-255: LGTM: Enhanced Delete method with improved documentation and error handling

The addition of detailed documentation, including parameters, return values, and usage examples, significantly improves the method's usability. The new error handling for empty session IDs enhances the robustness of the method.

docs/middleware/session.md (2)

125-176: LGTM! Well-structured Types section.

The Types section clearly defines the Config, Middleware, Session, and Store structs, providing users with a comprehensive overview of the key components in the session middleware. The inclusion of code snippets for each type enhances understanding.

---

Line range hint 1-477: Excellent documentation update for the session middleware.

This comprehensive update to the session middleware documentation significantly enhances its usefulness for Fiber users. Key strengths include:

1. Detailed migration guide from v2 to v3.
2. Clear explanations of new concepts like IdleTimeout and AbsoluteTimeout.
3. Comprehensive examples covering various use cases.
4. Well-structured Config section with detailed explanations.
5. Inclusion of important security notices and best practices.

The minor formatting and consistency issues identified earlier do not detract from the overall quality of the documentation. Once addressed, this will be an exemplary resource for developers using the Fiber framework.

🧰 Tools

🪛 LanguageTool

[style] ~238-~238: This phrase is redundant. Consider using “outside”.
Context: ...method when you need to manage sessions outside of the standard HTTP workflow, such as in ...

(OUTSIDE_OF)

---

[style] ~455-~455: Consider using “inaccessible” to avoid wordiness.
Context: ... | Ensures session cookie is not accessible to JavaScript (HTTP only). ...

(NOT_ABLE_PREMIUM)

🪛 Markdownlint

232-232: Expected: 1; Actual: 0; Above
Headings should be surrounded by blank lines

(MD022, blanks-around-headings)

---

236-236: Expected: 1; Actual: 0; Below
Headings should be surrounded by blank lines

(MD022, blanks-around-headings)

---

240-240: Expected: 1; Actual: 0; Below
Headings should be surrounded by blank lines

(MD022, blanks-around-headings)

---

245-245: Expected: 1; Actual: 0; Below
Headings should be surrounded by blank lines

(MD022, blanks-around-headings)

---

236-236: Punctuation: ':'
Trailing punctuation in heading

(MD026, no-trailing-punctuation)

---

240-240: Punctuation: ':'
Trailing punctuation in heading

(MD026, no-trailing-punctuation)

---

245-245: Punctuation: ':'
Trailing punctuation in heading

(MD026, no-trailing-punctuation)

---

237-237: null
Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

241-241: null
Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

246-246: null
Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

---

247-247: null
Lists should be surrounded by blank lines

(MD032, blanks-around-lists)

🪛 GitHub Check: markdownlint

[failure] 232-232: Headings should be surrounded by blank lines
docs/middleware/session.md:232 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Above] [Context: "#### GetByID Method"] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md022.md

---

[failure] 236-236: Headings should be surrounded by blank lines
docs/middleware/session.md:236 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "##### Key Features:"] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md022.md

---

[failure] 236-236: Trailing punctuation in heading
docs/middleware/session.md:236:19 MD026/no-trailing-punctuation Trailing punctuation in heading [Punctuation: ':'] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md026.md

---

[failure] 237-237: Lists should be surrounded by blank lines
docs/middleware/session.md:237 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- Context Independence: Se..."] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md032.md

---

[failure] 240-240: Headings should be surrounded by blank lines
docs/middleware/session.md:240 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "##### Usage Considerations:"] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md022.md

---

[failure] 240-240: Trailing punctuation in heading
docs/middleware/session.md:240:27 MD026/no-trailing-punctuation Trailing punctuation in heading [Punctuation: ':'] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md026.md

---

[failure] 241-241: Lists should be surrounded by blank lines
docs/middleware/session.md:241 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- Manual Persistence: Sinc..."] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md032.md

---

[failure] 245-245: Headings should be surrounded by blank lines
docs/middleware/session.md:245 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "##### Example Use Cases:"] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md022.md

---

[failure] 245-245: Trailing punctuation in heading
docs/middleware/session.md:245:24 MD026/no-trailing-punctuation Trailing punctuation in heading [Punctuation: ':'] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md026.md

---

[failure] 246-246: Lists should be surrounded by blank lines
docs/middleware/session.md:246 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- Scheduled Jobs: Retrieve..."] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md032.md