-rw-r--r-- | store.go | 11 | ||||
-rw-r--r-- | store_test.go | 25 |
2 files changed, 36 insertions, 0 deletions
@@ -137,6 +137,17 @@ type FilesystemStore struct {
 path string
 }
 
+// MaxLength restricts the maximum length of new sessions to l.
+// If l is 0 there is no limit to the size of a session, use with caution.
+// The default for a new FilesystemStore is 4096.
+func (s *FilesystemStore) MaxLength(l int) {
+ for _, c := range s.Codecs {
+ if codec, ok := c.(*securecookie.SecureCookie); ok {
+ codec.MaxLength(l)
+ }
+ }
+}
+
 // Get returns a session for the given name after adding it to the registry.
 //
 // See CookieStore.Get().
diff --git a/store_test.go b/store_test.go
index 77fea6b..022acba 100644
--- a/store_test.go
+++ b/store_test.go
@@ -1,7 +1,9 @@
 package sessions
 
 import (
+ "encoding/base64"
 "net/http"
+ "net/http/httptest"
 "testing"
 )
 
@@ -46,3 +48,26 @@ func TestGH8FilesystemStore(t *testing.T) {
 t.Fatalf("bad session path: got %q, want %q", session.Options.Path, originalPath)
 }
 }
+
+// Test for GH-2.
+func TestGH2MaxLength(t *testing.T) {
+ store := NewFilesystemStore("", []byte("some key"))
+ req, err := http.NewRequest("GET", "http://www.example.com", nil)
+ if err != nil {
+ t.Fatal("failed to create request", err)
+ }
+ w := httptest.NewRecorder()
+
+ session, err := store.New(req, "my session")
+ session.Values["big"] = make([]byte, base64.StdEncoding.DecodedLen(4096*2))
+ err = session.Save(req, w)
+ if err == nil {
+ t.Fatal("expected an error, got nil")
+ }
+
+ store.MaxLength(4096 * 3) // A bit more than the value size to account for encoding overhead.
+ err = session.Save(req, w)
+ if err != nil {
+ t.Fatal("failed to Save:", err)
+ }
+}
|
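Review bot: In `MaxLength` (store.go) the type assertion silently skips every codec that is not a `*securecookie.SecureCookie`, so a store built with a custom `Codec` keeps whatever limit that codec already has and the caller gets no signal that the call did nothing. The doc comment should state this, for example `// Codecs that are not *securecookie.SecureCookie are left unchanged.` Because this store persists session data on disk, the "use with caution" line would also be more useful if it named the risk, e.g. `// With l == 0 the size of a saved session is bounded only by what the application stores in it.` The phrase "new sessions" looks slightly off as well: the test calls `MaxLength` and then saves an already created session, which suggests the limit applies to the next encode rather than only to sessions created afterwards.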
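Review bot: In `TestGH2MaxLength` (store_test.go) the error returned by `store.New(req, "my session")` is never checked; it is overwritten by the first `session.Save`, so a failure in New is either masked or shows up later as an unrelated failure. Add `if err != nil { t.Fatal("failed to create session", err) }` directly after the call. The first assertion also accepts any error from Save, so the test would still pass if Save failed for a reason other than the length limit (an unwritable store directory, for instance); comparing against the specific length error, if the codec package exposes one, would pin the behaviour under test. The second Save presumably leaves a session file in the store path, and removing it at the end of the test would keep repeated runs clean.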