Bug Description
The session middleware explicitly panics when Store.getSession() fails. In production, session store failures (Redis down, network partition, database timeout) are realistic scenarios that should return an error, not crash the server.
How to Reproduce
Steps to reproduce the behavior:
- Configure session middleware with a Redis store
- Stop the Redis server
- Send any request
- cfg.Store.getSession(c) returns an error
- panic(err) crashes the server
Affected Code
middleware/session/middleware.go:149:
session, err := cfg.Store.getSession(c)
if err != nil {
	panic(err) // handle or log this error appropriately in production
}
The comment literally acknowledges the deficiency.
Expected Behavior
Return the error instead of panicking:
session, err := cfg.Store.getSession(c)
if err != nil {
	return fmt.Errorf("session: failed to get session: %w", err)
}
Related
- defaultRequestHandler (same crash class)
Fiber Version
v3 (latest main branch)
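The difference between the affected code and the expected behaviour, as an added standalone example (not Fiber's code and not part of the original report). `Handler`, `Store`, `downStore`, `ErrStoreDown` and `Serve` are hypothetical stand-ins, and the 503 mapping is an assumption about what a central error handler would choose.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical stand-ins for illustration; these are not Fiber's types.
type Handler func() error
type Store interface{ GetSession() (string, error) }
type downStore struct{} // constructed store whose backend is unreachable
var ErrStoreDown = errors.New("dial tcp 127.0.0.1:6379: connection refused")
func (downStore) GetSession() (string, error) { return "", ErrStoreDown }

// panicking mirrors the reported behaviour: a store failure becomes a panic.
func panicking(s Store, next Handler) Handler {
	return func() error {
		if _, err := s.GetSession(); err != nil {
			panic(err)
		}
		return next()
	}
}

// returning wraps the failure and hands it back to the caller instead.
func returning(s Store, next Handler) Handler {
	return func() error {
		if _, err := s.GetSession(); err != nil {
			return fmt.Errorf("session: failed to get session: %w", err)
		}
		return next()
	}
}

// Serve maps a returned error to 503 and reports an escaped panic as crashed.
func Serve(h Handler) (status int, crashed bool) {
	defer func() { crashed = recover() != nil }()
	if err := h(); err != nil {
		return http.StatusServiceUnavailable, false
	}
	return http.StatusOK, false
}

func main() {
	ok := func() error { return nil }
	fmt.Println(Serve(panicking(downStore{}, ok)))
	fmt.Println(Serve(returning(downStore{}, ok)))
}
```

Because the returned error is wrapped with `%w`, a caller can still match the underlying store failure with `errors.Is` when deciding how to respond or what to log.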