Updating dependencies breaks login: securecookie: hash key is not set

[lesichkovm]

Not sure why you need the gorilla/sessions package but updating the intenal depemdencies to the latest version breaks gothic login:

github.com/gorilla/securecookie v1.1.1 // indirect
github.com/gorilla/sessions v1.2.2 // indirect

Upgrading to:

github.com/gorilla/securecookie v1.1.2 // indirect
github.com/gorilla/sessions v1.2.1 // indirect

Causes the login to fail with the message displayed on the screen

securecookie: hash key is not set

In addition the following message is displayed:

goth/gothic: no SESSION_SECRET environment variable is set. The default cookie store is not available and any calls will fail. Ignore this warning if you are using a different store.

Note! I do not use the default cookie store, so I ignore this message.

[akclace]

I updated gorilla sessions and securecookie and hit this error. Adding a block key in the call to sessions.NewCookieStore fixed it. So do

sessions.NewCookieStore([]byte(sessionKey), []byte(sessionBlockKey))

instead of

sessions.NewCookieStore([]byte(sessionKey)))

[lesichkovm]

Until there is a resolution. For anyone having this issue, the currently working combination is:

github.com/gorilla/securecookie v1.1.1 // indirect
github.com/gorilla/sessions v1.1.1 // indirect

[lesichkovm]

@markbates can we get this fixed, it very annoying, login breaks every time you update the dependencies