mirror of
https://github.com/cesanta/mongoose.git
Use separate cookies for HTTP and HTTPS connections
parent
991080e613
commit
b973187960
@ -77,19 +77,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
|
|||||||
|
|
||||||
static void handle_login(struct mg_connection *c, struct user *u) {
|
static void handle_login(struct mg_connection *c, struct user *u) {
|
||||||
char cookie[256];
|
char cookie[256];
|
||||||
|
const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
|
||||||
mg_snprintf(cookie, sizeof(cookie),
|
mg_snprintf(cookie, sizeof(cookie),
|
||||||
"Set-Cookie: access_token=%s; Path=/; "
|
"Set-Cookie: %s=%s; Path=/; "
|
||||||
"%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
|
"%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
|
||||||
u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
|
cookie_name, u->access_token,
|
||||||
|
c->is_tls ? "Secure; " : "", 3600 * 24);
|
||||||
mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
|
mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_logout(struct mg_connection *c) {
|
static void handle_logout(struct mg_connection *c) {
|
||||||
char cookie[256];
|
char cookie[256];
|
||||||
|
const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
|
||||||
mg_snprintf(cookie, sizeof(cookie),
|
mg_snprintf(cookie, sizeof(cookie),
|
||||||
"Set-Cookie: access_token=; Path=/; "
|
"Set-Cookie: %s=; Path=/; "
|
||||||
"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
|
"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
|
||||||
"%sHttpOnly; Max-Age=0; \r\n",
|
"%sHttpOnly; Max-Age=0; \r\n", cookie_name,
|
||||||
c->is_tls ? "Secure; " : "");
|
c->is_tls ? "Secure; " : "");
|
||||||
mg_http_reply(c, 200, cookie, "true\n");
|
mg_http_reply(c, 200, cookie, "true\n");
|
||||||
}
|
}
|
||||||
|
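Review bot: The plain `access_token` cookie set in handle_login carries no `Secure` attribute, so a browser will also attach it to HTTPS requests for the same host, and splitting the names only helps if the reading side enforces the split. authenticate() is outside this hunk, and its signature in the hunk header takes only the HTTP message, so it has no view of `c->is_tls`; it should accept only `secure_access_token` for requests that arrived over TLS, otherwise a token that travelled over cleartext HTTP is still honoured on the TLS side. Consider giving the TLS cookie the browser-enforced prefix, `const char *cookie_name = c->is_tls ? "__Secure-access_token" : "access_token";`, so that it can only have been set over HTTPS with `Secure`. The same `cookie_name` line appears in handle_login and handle_logout of the other two files in this commit.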
@ -156,19 +156,23 @@ static struct user *authenticate(struct mg_http_message *hm) {
|
|||||||
|
|
||||||
static void handle_login(struct mg_connection *c, struct user *u) {
|
static void handle_login(struct mg_connection *c, struct user *u) {
|
||||||
char cookie[256];
|
char cookie[256];
|
||||||
|
const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
|
||||||
mg_snprintf(cookie, sizeof(cookie),
|
mg_snprintf(cookie, sizeof(cookie),
|
||||||
"Set-Cookie: access_token=%s;Path=/;"
|
"Set-Cookie: %s=%s;Path=/;"
|
||||||
"HttpOnly;SameSite=Lax;Max-Age=%d\r\n",
|
"%sHttpOnly;SameSite=Lax;Max-Age=%d\r\n", cookie_name,
|
||||||
u->access_token, 3600 * 24);
|
u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
|
||||||
mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
|
mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_logout(struct mg_connection *c) {
|
static void handle_logout(struct mg_connection *c) {
|
||||||
mg_http_reply(c, 200,
|
char cookie[256];
|
||||||
"Set-Cookie: access_token=; Path=/; "
|
const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
|
||||||
"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
|
mg_snprintf(cookie, sizeof(cookie),
|
||||||
"Secure; HttpOnly; Max-Age=0; \r\n",
|
"Set-Cookie: %s=; Path=/; "
|
||||||
"true\n");
|
"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
|
||||||
|
"%sHttpOnly; Max-Age=0; \r\n", cookie_name,
|
||||||
|
c->is_tls ? "Secure; " : "");
|
||||||
|
mg_http_reply(c, 200, cookie, "true\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_debug(struct mg_connection *c, struct mg_http_message *hm) {
|
static void handle_debug(struct mg_connection *c, struct mg_http_message *hm) {
|
||||||
|
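Review bot: handle_logout expires only the cookie whose name matches the scheme the logout request arrived on, so after a logout over HTTPS a previously issued `access_token` cookie stays in the browser and keeps being sent. Nothing in this hunk invalidates `u->access_token` on the server, so that leftover cookie presumably still authenticates. On TLS the response should expire both names; over plain HTTP only `access_token` can be cleared, because browsers refuse changes to `Secure` cookies from an insecure origin. The handle_logout bodies in the other two files have the same gap.

```c
static void handle_logout(struct mg_connection *c) {
  char cookie[256];
  // Always expire the plain cookie; on TLS also expire the Secure one, so a
  // token issued earlier over HTTP does not outlive a logout done over HTTPS.
  mg_snprintf(cookie, sizeof(cookie),
              "Set-Cookie: access_token=; Path=/; "
              "Expires=Thu, 01 Jan 1970 00:00:00 UTC; HttpOnly; Max-Age=0\r\n"
              "%s",
              c->is_tls ? "Set-Cookie: secure_access_token=; Path=/; "
                          "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
                          "Secure; HttpOnly; Max-Age=0\r\n"
                        : "");
  // … unchanged: mg_http_reply(c, 200, cookie, "true\n") …
}
```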
@ -78,19 +78,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
|
|||||||
|
|
||||||
static void handle_login(struct mg_connection *c, struct user *u) {
|
static void handle_login(struct mg_connection *c, struct user *u) {
|
||||||
char cookie[256];
|
char cookie[256];
|
||||||
|
const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
|
||||||
mg_snprintf(cookie, sizeof(cookie),
|
mg_snprintf(cookie, sizeof(cookie),
|
||||||
"Set-Cookie: access_token=%s; Path=/; "
|
"Set-Cookie: %s=%s; Path=/; "
|
||||||
"%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
|
"%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
|
||||||
u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
|
cookie_name, u->access_token,
|
||||||
|
c->is_tls ? "Secure; " : "", 3600 * 24);
|
||||||
mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
|
mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_logout(struct mg_connection *c) {
|
static void handle_logout(struct mg_connection *c) {
|
||||||
char cookie[256];
|
char cookie[256];
|
||||||
|
const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
|
||||||
mg_snprintf(cookie, sizeof(cookie),
|
mg_snprintf(cookie, sizeof(cookie),
|
||||||
"Set-Cookie: access_token=; Path=/; "
|
"Set-Cookie: %s=; Path=/; "
|
||||||
"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
|
"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
|
||||||
"%sHttpOnly; Max-Age=0; \r\n",
|
"%sHttpOnly; Max-Age=0; \r\n", cookie_name,
|
||||||
c->is_tls ? "Secure; " : "");
|
c->is_tls ? "Secure; " : "");
|
||||||
mg_http_reply(c, 200, cookie, "true\n");
|
mg_http_reply(c, 200, cookie, "true\n");
|
||||||
}
|
}
|
||||||
|
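Review bot: The result of `mg_snprintf(cookie, sizeof(cookie), ...)` in handle_login is discarded, and the longer cookie name plus `Secure; ` leaves less of the 256-byte buffer for `u->access_token`, whose length is not bounded anywhere in this hunk. If the output is truncated, the header loses its trailing attributes (`HttpOnly`, `SameSite=Lax`) and the terminating `\r\n` before it is handed to mg_http_reply. Keep the return value, `size_t n = mg_snprintf(cookie, sizeof(cookie), ...);`, and send an error reply instead of the cookie when `n >= sizeof(cookie)`. The same unchecked call is in the other two files of this commit.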