Skip to content

Remove duplicate logging in session.go, fix logUnified misuse#2788

Merged
lpcox merged 3 commits intomainfrom
copilot/duplicate-code-reduce-dual-logging
Mar 29, 2026
Merged

Remove duplicate logging in session.go, fix logUnified misuse#2788
lpcox merged 3 commits intomainfrom
copilot/duplicate-code-reduce-dual-logging

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 29, 2026
edited
Loading

session.go had three dual-logging antipatterns where the same event was written to both logSession/logUnified (debug logger) and log (stdlib), causing double log entries and split authority over session log messages.

Changes

  • Remove exact duplicate (getSessionID): dropped log.Printf("Extracted session ID from context: …") — identical to the logSession.Printf above it
  • Remove near-identical duplicate (requireSession): dropped log.Printf("Checking session for ID: …") — same event as logSession.Printf
  • Remove dual log (ensureSessionDirectory): dropped log.Printf("Created payload directory for session: …") — redundant after switching to logSession
  • Fix logger inconsistency (ensureSessionDirectory): changed logUnified.Printf(…)logSession.Printf(…) — session-scoped events belong on the session logger, not the unified server logger

Before:

// getSessionID — double-writes on every call
logSession.Printf("Extracted session ID from context: %s", auth.TruncateSessionID(sessionID))
log.Printf("Extracted session ID from context: %s", auth.TruncateSessionID(sessionID))

// ensureSessionDirectory — wrong logger + duplicate
logUnified.Printf("Created session directory: %s", sessionDir)
log.Printf("Created payload directory for session: %s", auth.TruncateSessionID(sessionID))

After:

logSession.Printf("Extracted session ID from context: %s", auth.TruncateSessionID(sessionID))

logSession.Printf("Created session directory: %s", sessionDir)

Non-duplicate log.Printf calls (no session ID in context, auto-creating/auto-created session, session validated) are retained.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • example.com
    • Triggering command: /tmp/go-build3212929701/b334/launcher.test /tmp/go-build3212929701/b334/launcher.test -test.testlogfile=/tmp/go-build3212929701/b334/testlog.txt -test.paniconexit0 -test.timeout=10m0s conf�� tion_pool.go er.go x_amd64/compile (dns block)
  • invalid-host-that-does-not-exist-12345.com
    • Triggering command: /tmp/go-build3212929701/b319/config.test /tmp/go-build3212929701/b319/config.test -test.testlogfile=/tmp/go-build3212929701/b319/testlog.txt -test.paniconexit0 -test.timeout=10m0s is ternal/engine/wazevo/wazevoapi/debug_options.go ternal/engine/wazevo/wazevoapi/exitcode.go x_amd64/compile (dns block)
  • nonexistent.local
    • Triggering command: /tmp/go-build3212929701/b334/launcher.test /tmp/go-build3212929701/b334/launcher.test -test.testlogfile=/tmp/go-build3212929701/b334/testlog.txt -test.paniconexit0 -test.timeout=10m0s conf�� tion_pool.go er.go x_amd64/compile (dns block)
  • slow.example.com
    • Triggering command: /tmp/go-build3212929701/b334/launcher.test /tmp/go-build3212929701/b334/launcher.test -test.testlogfile=/tmp/go-build3212929701/b334/testlog.txt -test.paniconexit0 -test.timeout=10m0s conf�� tion_pool.go er.go x_amd64/compile (dns block)
  • this-host-does-not-exist-12345.com
    • Triggering command: /tmp/go-build3212929701/b343/mcp.test /tmp/go-build3212929701/b343/mcp.test -test.testlogfile=/tmp/go-build3212929701/b343/testlog.txt -test.paniconexit0 -test.timeout=10m0s /tmp/go-build3212929701/b334/_pkg_.a ache/go/1.25.8/x64/src/runtime/c-c=4 73cQFc0nv x_amd64/vet (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

Copilot AI linked an issue Mar 29, 2026 that may be closed by this pull request
[duplicate-code] Duplicate Code Pattern: Exact and Near-Identical Dual Logging in session.go #2712
Closed
5 tasks
Copilot AI changed the title [WIP] Remove duplicate logging in session.go Remove duplicate logging in session.go, fix logUnified misuse Mar 29, 2026
Copilot AI requested a review from lpcox March 29, 2026 17:07
@lpcox lpcox marked this pull request as ready for review March 29, 2026 17:11
Copilot AI review requested due to automatic review settings March 29, 2026 17:11
@lpcox lpcox merged commit f868557 into main Mar 29, 2026
12 checks passed
@lpcox lpcox deleted the copilot/duplicate-code-reduce-dual-logging branch March 29, 2026 17:11
Copilot AI reviewed Mar 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes duplicate session-related log entries and aligns session directory logging to use the session-scoped logger, reducing noisy/double-written logs in the server session lifecycle.

Changes:

  • Remove duplicate log.Printf lines in getSessionID and requireSession.
  • Switch ensureSessionDirectory from logUnified/stdlib log duplicates to logSession only.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread internal/server/session.go
Comment on lines 46 to 49
if _, err := os.Stat(sessionDir); err == nil {
// Directory already exists
logUnified.Printf("Session directory already exists: %s", sessionDir)
logSession.Printf("Session directory already exists: %s", sessionDir)
return nil
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sessionDir includes the raw sessionID (which is the API key per spec) and is being logged verbatim. This can leak credentials into logs; prefer logging auth.TruncateSessionID(sessionID) and avoid printing the full path that embeds the secret.

Copilot uses AI. Check for mistakes.
Comment thread internal/server/session.go
Comment on lines 56 to +60
if err := os.MkdirAll(sessionDir, 0755); err != nil {
return fmt.Errorf("failed to create session directory: %w", err)
}

logUnified.Printf("Created session directory: %s", sessionDir)
log.Printf("Created payload directory for session: %s", auth.TruncateSessionID(sessionID))
logSession.Printf("Created session directory: %s", sessionDir)
Copy link

Copilot AI Mar 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sessionID comes from the client and is used directly in filepath.Join(us.payloadDir, sessionID) and os.MkdirAll(sessionDir, ...). As written, a session ID containing .. (or an absolute path) can escape payloadDir and create directories elsewhere. Consider normalizing/validating the session ID (e.g., reject path traversal segments / absolute paths) and/or verify after filepath.Clean/filepath.Abs that the resulting path stays under us.payloadDir before calling MkdirAll.

Copilot uses AI. Check for mistakes.
This was referenced Mar 29, 2026
Closed
Closed
Copilot AI mentioned this pull request Mar 30, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[duplicate-code] Duplicate Code Pattern: Exact and Near-Identical Dual Logging in session.go

3 participants

@lpcox