Don't fully reset session with using /auth

cmd/eksterd/http.go

@@ -292,6 +292,7 @@ func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				sess.Me = authResponse.Me
 				sess.LoggedIn = true
 				saveSession(sessionVar, &sess, conn)
+				log.Printf("SESSION: %#v\n", sess)
 				if sess.NextURI != "" {
 					http.Redirect(w, r, sess.NextURI, 302)
 				} else {
@@ -392,20 +393,19 @@ func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		} else if r.URL.Path == "/auth" {
 			// check if we are logged in
 			// TODO: if not logged in, make sure we get back here
-			c, err := r.Cookie("session")
+
-			if err == http.ErrNoCookie {
+			sessionVar := getSessionCookie(w, r)
-				http.Redirect(w, r, "/", 302)
+
-				return
-			}
-			sessionVar := c.Value
 			sess, err := loadSession(sessionVar, conn)
 
 			if !isLoggedIn(h.Backend, &sess) {
+				sess.NextURI = r.URL.String()
+				saveSession(sessionVar, &sess, conn)
 				http.Redirect(w, r, "/", 302)
 				return
 			}
-			sess.NextURI = r.URL.String()
 
+			sess.NextURI = r.URL.String()
 			saveSession(sessionVar, &sess, conn)
 
 			query := r.URL.Query()
@@ -492,13 +492,13 @@ func (h *mainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			state := util.RandStringBytes(16)
 			redirectURI := fmt.Sprintf("%s/session/callback", os.Getenv("EKSTER_BASEURL"))
 
-			sess := session{
+			sess, err := loadSession(sessionVar, conn)
-				AuthorizationEndpoint: endpoints.AuthorizationEndpoint,
+
-				Me:          meURL.String(),
+			sess.AuthorizationEndpoint = endpoints.AuthorizationEndpoint
-				State:       state,
+			sess.Me = meURL.String()
-				RedirectURI: redirectURI,
+			sess.State = state
-				LoggedIn:    false,
+			sess.RedirectURI = redirectURI
-			}
+			sess.LoggedIn = false
 			saveSession(sessionVar, &sess, conn)
 
 			authenticationURL := indieauth.CreateAuthenticationURL(*authURL, meURL.String(), ClientID, redirectURI, state)