add support for more cookie flags in Request::AddCookie() method
changed in config options: - renamed: http_session_id_name to session_cookie_name - add config options: session_cookie_path, session_cookie_domain, session_cookie_same_site, session_cookie_http_only, session_cookie_secure
This commit is contained in:
@@ -1646,6 +1646,79 @@ bool is_in_list(const std::wstring & item, const std::set<std::wstring> & list)
|
||||
}
|
||||
|
||||
|
||||
void cookie_same_site_to_stream(CookieSameSite same_site, pt::Stream & stream)
|
||||
{
|
||||
switch(same_site)
|
||||
{
|
||||
case CookieSameSite::samesite_strict:
|
||||
stream << L"Strict";
|
||||
break;
|
||||
|
||||
case CookieSameSite::samesite_lax:
|
||||
stream << L"Lax";
|
||||
break;
|
||||
|
||||
case CookieSameSite::samesite_none:
|
||||
stream << L"None";
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void prepare_cookie_string(
|
||||
pt::Stream & cookie,
|
||||
const std::wstring * value_string,
|
||||
const pt::Stream * value_stream,
|
||||
pt::Date * expires,
|
||||
const std::wstring * path,
|
||||
const std::wstring * domain,
|
||||
CookieSameSite cookie_same_site,
|
||||
bool http_only,
|
||||
bool secure)
|
||||
{
|
||||
if( value_string )
|
||||
cookie << *value_string;
|
||||
|
||||
if( value_stream )
|
||||
cookie << *value_stream;
|
||||
|
||||
if( cookie.empty() )
|
||||
cookie << L"\"\""; // cookie empty value
|
||||
|
||||
if( expires )
|
||||
cookie << L"; expires=" << DateToStrCookie(*expires) << L" GMT";
|
||||
|
||||
if( path && !path->empty() )
|
||||
{
|
||||
cookie << L"; path=" << *path;
|
||||
}
|
||||
|
||||
if( domain && !domain->empty() )
|
||||
cookie << L"; domain=" << *domain;
|
||||
|
||||
if( cookie_same_site != CookieSameSite::samesite_notset )
|
||||
{
|
||||
cookie << L"; SameSite=";
|
||||
cookie_same_site_to_stream(cookie_same_site, cookie);
|
||||
}
|
||||
|
||||
if( http_only )
|
||||
cookie << L"; HttpOnly";
|
||||
|
||||
/*
|
||||
don't use '; secure' flag if you are using both sites (with SSL
|
||||
and without SSL) -- with secure flag the cookie is sent only through
|
||||
SSL and if you accidentally open a new window without SSL (http://)
|
||||
then winix will create a new session for you and the previous session (https://)
|
||||
will be lost (the session cookie will be overwritten in the client's browser)
|
||||
*/
|
||||
if( secure )
|
||||
cookie << L"; Secure";
|
||||
}
|
||||
|
||||
|
||||
} // namespace Winix
|
||||
|
||||
|
||||
Reference in New Issue
Block a user