tomasz.sowa/winix
1
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

changed the algorithm how sessions work:

Browse Source 
- if the IP is banned or there is no a winix function then we set a temporary session
- else
  if there is a session's cookie sent by the client then:
   - if the cookie is a correct session's cookie then we set the session from the cookie
   - or if the cookie is not a correct session's cookie (e.g. session expired) and the winix function
     requires a cookie then we set a new session
   - or if there is no cookie sent then if a winix function requires a session we create a new session

  if there was an error creating a new session or event counters reach a ban limit then a temporary session will be used





git-svn-id: svn://ttmath.org/publicrep/winix/trunk@1115 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa
2018-06-20 15:00:02 +00:00
parent 35b93b1655
commit 08123fe6ac
9 changed files with 78 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
winixd/core/sessionmanager.cpp
View File

@@ -5,7 +5,7 @@
*/
/*
* Copyright (c) 2008-2014, Tomasz Sowa
* Copyright (c) 2008-2018, Tomasz Sowa
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -51,12 +51,22 @@ namespace Winix
SessionManager::SessionManager()
{
config = nullptr;
cur = nullptr;
system = nullptr;
last_container = nullptr;
current_ip_ban = nullptr;
temporary_session.id = 0;
session = &temporary_session;
session_tab.SetTmpSession(&temporary_session);
// thread work mode
work_mode = 1;
// for another thread
deleted = 0;
}
@@ -182,7 +192,6 @@ SessionContainer::Iterator i = session_tab.End();
if( i != session_tab.End() )
{
is_session_set = true;
session = &(*i);
session->new_session = true;
session->SetTimesTo(cur->request->start_time);
@@ -195,15 +204,12 @@ SessionContainer::Iterator i = session_tab.End();
{
// there is a problem with generating a new session id
log << log1 << "SM: cannot create a session id" << logend;
SetTemporarySession();
}
}
void SessionManager::SetTemporarySession()
{
is_session_set = true;
session = &temporary_session;
session->Clear(false);
session->SetTimesTo(cur->request->start_time);
@@ -278,7 +284,6 @@ void SessionManager::BrokenCookieCheckBan()
{
log << log2 << "SM: too many incorrect encoded cookies were sent from this IP" << logend;
IncrementBanLevel(current_ip_ban);
SetTemporarySession();
}
}
@@ -297,13 +302,12 @@ void SessionManager::IncorrectSessionCheckBan()
{
log << log2 << "SM: too many incorrect sessions identifiers were sent from this IP" << logend;
IncrementBanLevel(current_ip_ban);
SetTemporarySession();
}
}
void SessionManager::NoSessionCookieCheckBan()
bool SessionManager::ShouldNoSessionCookieGenerateTmpSession()
{
if( !current_ip_ban )
current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);
@@ -312,6 +316,7 @@ void SessionManager::NoSessionCookieCheckBan()
{
current_ip_ban->no_session_cookie_events += 1;
SetFirstExpirationTime(current_ip_ban);
return false;
}
else
{
@@ -320,7 +325,7 @@ void SessionManager::NoSessionCookieCheckBan()
if( config->no_session_cookie_ban_mode == 1 )
IncrementBanLevel(current_ip_ban);
SetTemporarySession();
return true;
}
}
@@ -379,7 +384,6 @@ bool is_session_correct;
if( is_session_correct )
{
is_session_set = true;
session = &(*s);
session->new_session = false;
session->last_time = cur->request->start_time;
@@ -402,7 +406,6 @@ return is_session_correct;
bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
{
if( config->session_cookie_encode )
@@ -444,8 +447,7 @@ bool SessionManager::IsIPBanned()
if( current_ip_ban->IsIPBanned() )
{
PT::Date date = current_ip_ban->expires;
log << log2 << "SM: this ip is bannned to: " << date << logend;
SetTemporarySession();
log << log2 << "SM: this ip is bannned to: " << date << " UTC" << logend;
return true;
}
}
@@ -454,34 +456,62 @@ return false;
}
void SessionManager::SetSession()
/*
* preparing a new session
*
* algorithm:
* - if the IP is banned or there is no a winix function then we set a temporary session
* - else
* if there is a session's cookie sent by the client then:
* - if the cookie is a correct session's cookie then we set the session from the cookie
* - or if the cookie is not a correct session's cookie (e.g. session expired) and the winix function
* requires a cookie then we set a new session
* - or if there is no cookie sent then if a winix function requires a session we create a new session
*
* if there was an error creating a new session or event counters reach a ban limit then a temporary session will be used
* so we always have a session
*
*/
void SessionManager::PrepareSession()
{
is_session_set = false;
session = nullptr;
if( !IsIPBanned() )
if( !IsIPBanned() && cur->request->function )
{
if( cur->request->function && cur->request->function->need_session )
{
CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name);
CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name);
if( i != cur->request->cookie_tab.end() )
if( i != cur->request->cookie_tab.end() )
{
if( !SetSessionFromCookie(i->second) )
{
if( !SetSessionFromCookie(i->second) )
cur->request->cookie_tab.erase(i);
}
else
{
NoSessionCookieCheckBan();
cur->request->cookie_tab.erase(i);
if( cur->request->function->need_session )
{
// IP could be banned in SetSessionFromCookie() when the cookie string was incorrect
if( !current_ip_ban || !current_ip_ban->IsIPBanned() )
{
CreateSession();
}
}
}
}
else
{
SetTemporarySession();
if( cur->request->function->need_session )
{
if( !ShouldNoSessionCookieGenerateTmpSession() )
{
CreateSession();
}
}
}
}
if( !is_session_set )
CreateSession();
if( !session )
{
SetTemporarySession();
}
session->ip_ban = current_ip_ban;
}