From b97318796059d7c577338af1357d26849ccde72d Mon Sep 17 00:00:00 2001
From: robert
Date: Tue, 12 Nov 2024 03:46:11 -0500
Subject: [PATCH] Use separate cookies for HTTP and HTTPS connections
---
 examples/device-dashboard/net.c | 11 ++++++----
 examples/wifi-router-dashboard/net.c | 20 +++++++++++--------
 .../web-ui-dashboard/net.c | 11 ++++++----
 3 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/examples/device-dashboard/net.c b/examples/device-dashboard/net.c
index 41d5c28a..b73604ff 100644
--- a/examples/device-dashboard/net.c
+++ b/examples/device-dashboard/net.c
@@ -77,19 +77,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
 static void handle_login(struct mg_connection *c, struct user *u) {
 char cookie[256];
+ const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
- "Set-Cookie: access_token=%s; Path=/; "
+ "Set-Cookie: %s=%s; Path=/; "
 "%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
- u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
+ cookie_name, u->access_token,
+ c->is_tls ? "Secure; " : "", 3600 * 24);
 mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 static void handle_logout(struct mg_connection *c) {
 char cookie[256];
+ const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
- "Set-Cookie: access_token=; Path=/; "
+ "Set-Cookie: %s=; Path=/; "
 "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
- "%sHttpOnly; Max-Age=0; \r\n",
+ "%sHttpOnly; Max-Age=0; \r\n", cookie_name,
 c->is_tls ? "Secure; " : "");
 mg_http_reply(c, 200, cookie, "true\n");
 }
diff --git a/examples/wifi-router-dashboard/net.c b/examples/wifi-router-dashboard/net.c
index 131400ba..76bdba9d 100644
--- a/examples/wifi-router-dashboard/net.c
+++ b/examples/wifi-router-dashboard/net.c
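Review bot: In examples/device-dashboard/net.c only the cookie name depends on `c->is_tls` in handle_login; the value is the same `u->access_token` on both schemes, so a token that has crossed a plaintext connection remains a valid credential unless the reader side tells the two cookies apart. authenticate() lies outside this hunk and is not changed by the patch, so please confirm it accepts only `secure_access_token` on TLS connections and never falls back to `access_token` there. Browsers can enforce the separation too if the TLS name carries the standard prefix, `const char *cookie_name = c->is_tls ? "__Secure-access_token" : "access_token";`. handle_logout expires only the name for the current scheme, so a logout over HTTPS leaves any `access_token` cookie in place. The same applies to the matching hunks in examples/wifi-router-dashboard/net.c and reference-projects/windows-macos-linux/web-ui-dashboard/net.c.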
@@ -156,19 +156,23 @@ static struct user *authenticate(struct mg_http_message *hm) {
 static void handle_login(struct mg_connection *c, struct user *u) {
 char cookie[256];
+ const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
- "Set-Cookie: access_token=%s;Path=/;"
- "HttpOnly;SameSite=Lax;Max-Age=%d\r\n",
- u->access_token, 3600 * 24);
+ "Set-Cookie: %s=%s;Path=/;"
+ "%sHttpOnly;SameSite=Lax;Max-Age=%d\r\n", cookie_name,
+ u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
 mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 static void handle_logout(struct mg_connection *c) {
- mg_http_reply(c, 200,
- "Set-Cookie: access_token=; Path=/; "
- "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
- "Secure; HttpOnly; Max-Age=0; \r\n",
- "true\n");
+ char cookie[256];
+ const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
+ mg_snprintf(cookie, sizeof(cookie),
+ "Set-Cookie: %s=; Path=/; "
+ "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
+ "%sHttpOnly; Max-Age=0; \r\n", cookie_name,
+ c->is_tls ? "Secure; " : "");
+ mg_http_reply(c, 200, cookie, "true\n");
 }
 static void handle_debug(struct mg_connection *c, struct mg_http_message *hm) {
diff --git a/reference-projects/windows-macos-linux/web-ui-dashboard/net.c b/reference-projects/windows-macos-linux/web-ui-dashboard/net.c
index fa73b5bd..6c56e849 100644
--- a/reference-projects/windows-macos-linux/web-ui-dashboard/net.c
+++ b/reference-projects/windows-macos-linux/web-ui-dashboard/net.c
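Review bot: In examples/wifi-router-dashboard/net.c the login format string keeps its unspaced attribute list, so with the inserted `"Secure; "` the header reads `Path=/;Secure; HttpOnly;SameSite=Lax;...`; it should still parse, but it no longer matches the other two copies of handle_login. Using the same literals as those files, `"Set-Cookie: %s=%s; Path=/; "` and `"%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",`, would make the three handlers textually identical and easier to keep in sync. The removed lines show this copy had already drifted on a security attribute: login sent no `Secure` at all and logout sent it unconditionally.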
@@ -78,19 +78,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
 static void handle_login(struct mg_connection *c, struct user *u) {
 char cookie[256];
+ const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
- "Set-Cookie: access_token=%s; Path=/; "
+ "Set-Cookie: %s=%s; Path=/; "
 "%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
- u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
+ cookie_name, u->access_token,
+ c->is_tls ? "Secure; " : "", 3600 * 24);
 mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 static void handle_logout(struct mg_connection *c) {
 char cookie[256];
+ const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
- "Set-Cookie: access_token=; Path=/; "
+ "Set-Cookie: %s=; Path=/; "
 "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
- "%sHttpOnly; Max-Age=0; \r\n",
+ "%sHttpOnly; Max-Age=0; \r\n", cookie_name,
 c->is_tls ? "Secure; " : "");
 mg_http_reply(c, 200, cookie, "true\n");
 }
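Review bot: In reference-projects/windows-macos-linux/web-ui-dashboard/net.c handle_login still ignores the return value of `mg_snprintf`, while the new name makes the TLS header seven bytes longer inside the same `char cookie[256]`. The length of `u->access_token` is not visible in this patch; if the formatted header ever exceeds the buffer, the trailing `\r\n` is cut off and the truncated text is handed to mg_http_reply as the header block. Assuming mg_snprintf reports the untruncated length the way snprintf does, a guard such as `if (mg_snprintf(cookie, sizeof(cookie), ...) >= sizeof(cookie)) { mg_http_reply(c, 500, "", "cookie too long\n"); return; }` keeps a malformed header from being sent. The handle_login copies in the other two files are written the same way.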