Browse Source

[mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)

usertrack.cookie-attrs allows user to add arbitrary attributes to the
  cookie set by mod_usertrack, including attributes Secure and HttpOnly
  as well as Path

usertrack.cookie-attrs is appended as-is to cookie string
  and therefore must be properly URL-encoded

usertrack.cookie-attrs, if set, replaces *all* other cookie attributes,
  including "; Path=/; Version=1" as well as the Domain= and Max-Age=
  attributes if usertrack.cookie-domain and usetrack.cookie-max-age set,
  so those should be part of usertrack.cookie-attrs if desired

e.g.
  usertrack.cookie-name  = "TRACKID"    # (default)
  usertrack.cookie-attrs = "; Path=/; Version=1; Domain=mydom.com; Max-Age=86400; Secure; HttpOnly"

x-ref:
  "mod_usertrack should have an option to set the 'Secure' and 'HttpOnly' flags on the cookie"
  https://redmine.lighttpd.net/issues/2795
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
8ddb727d5c
  1. 16
      src/mod_usertrack.c

16
src/mod_usertrack.c

@ -17,6 +17,7 @@
typedef struct {
buffer *cookie_name;
buffer *cookie_attrs;
buffer *cookie_domain;
unsigned int cookie_max_age;
} plugin_config;
@ -54,6 +55,7 @@ FREE_FUNC(mod_usertrack_free) {
if (NULL == s) continue;
buffer_free(s->cookie_name);
buffer_free(s->cookie_attrs);
buffer_free(s->cookie_domain);
free(s);
@ -76,6 +78,7 @@ SETDEFAULTS_FUNC(mod_usertrack_set_defaults) {
{ "usertrack.cookie-name", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
{ "usertrack.cookie-max-age", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
{ "usertrack.cookie-domain", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
{ "usertrack.cookie-attrs", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@ -90,12 +93,14 @@ SETDEFAULTS_FUNC(mod_usertrack_set_defaults) {
s = calloc(1, sizeof(plugin_config));
s->cookie_name = buffer_init();
s->cookie_attrs = buffer_init();
s->cookie_domain = buffer_init();
s->cookie_max_age = 0;
cv[0].destination = s->cookie_name;
cv[1].destination = &(s->cookie_max_age);
cv[2].destination = s->cookie_domain;
cv[3].destination = s->cookie_attrs;
p->config_storage[i] = s;
@ -144,6 +149,7 @@ static int mod_usertrack_patch_connection(server *srv, connection *con, plugin_d
plugin_config *s = p->config_storage[0];
PATCH(cookie_name);
PATCH(cookie_attrs);
PATCH(cookie_domain);
PATCH(cookie_max_age);
@ -161,6 +167,8 @@ static int mod_usertrack_patch_connection(server *srv, connection *con, plugin_d
if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-name"))) {
PATCH(cookie_name);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-attrs"))) {
PATCH(cookie_attrs);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-max-age"))) {
PATCH(cookie_max_age);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("usertrack.cookie-domain"))) {
@ -235,6 +243,14 @@ URIHANDLER_FUNC(mod_usertrack_uri_handler) {
li_MD5_Final(h, &Md5Ctx);
buffer_append_string_encoded(ds->value, (char *)h, 16, ENCODING_HEX);
/* usertrack.cookie-attrs, if set, replaces all other attrs */
if (!buffer_string_is_empty(p->conf.cookie_attrs)) {
buffer_append_string_buffer(ds->value, p->conf.cookie_attrs);
array_insert_unique(con->response.headers, (data_unset *)ds);
return HANDLER_GO_ON;
}
buffer_append_string_len(ds->value, CONST_STR_LEN("; Path=/"));
buffer_append_string_len(ds->value, CONST_STR_LEN("; Version=1"));

Loading…
Cancel
Save