采用gorilla库导致API2的Cookie伪造不可用

稍微跟了一下，gorilla对cookie的处理中，只是用key把session id解出来
然后去找对应的文件读取用户的信息
![image](https://user-images.githubusercontent.com/40162856/149295080-60ac3eec-8035-4393-96bc-dd0d71715c99.png)

![1ff2092410dec2130575256ca648eb1](https://user-images.githubusercontent.com/40162856/149294802-fd256eca-e72b-42af-8f1a-98188be05eb2.png)

所以只有在知道session id的情况下才能伪造用户cookie
导致API2: Broken authentication无法正常工作
虽然/static/sessions/路由能看到id，但与预期解法不一致了


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

采用gorilla库导致API2的Cookie伪造不可用 #6

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

采用gorilla库导致API2的Cookie伪造不可用 #6

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions