tomasz.sowa/winix
1
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

added: possibility to encode the session cookie (added files core/sessionidmanager.h and core/sessionidmanager.cpp)

Browse Source 
added: config options:
       // whether or not we should encode the session cookie
       // (we have a special algorithm)
       // default: false
       bool session_cookie_encode;

       // if session_cookie_encode is true then you should provide
       // a file where AES keys will be stored
       std::wstring session_keys_file;

       // each session has an index -- an unsigned int value
       // this value is sent in the cookie string (is encoded)
       // and is incremented when session_index_time_increment time is passed since the last incrementing
       // if a client sent the cookie back the difference between
       // current index and the index in the cookie should be less than or equal to session_allow_index_difference
       // default: 8
       size_t session_allow_index_difference;

       // the time which should pass after the session index is incremented
       // default: 30
       // (session_allow_index_difference + 1) * session_index_time_increment should be less than a time
       // load of a page and all elements on it such as images (of course it depends on client's download too)
       time_t session_index_time_increment;

       // time in seconds after a new AES key pair should be generated
       // we have 256 pairs of keys so this time multiplied by 256 should not be less than
       // the max time of a session (session_remember_max_idle),
       // by default: 256 * 2 days = 512 days = 1.4 year > 3 months (session_remember_max_idle)
       // default: 172800 = 2 days (max: 2678400 = 1 month, min: 10)
       size_t session_key_renew_time;

changed: when printing the time of a request we print only two non-zero digits






git-svn-id: svn://ttmath.org/publicrep/winix/trunk@994 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa
2014-11-22 15:30:56 +00:00
parent 3547d326b8
commit 76314aab10
28 changed files with 1360 additions and 240 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
core/app.cpp
View File

@@ -221,8 +221,10 @@ bool App::Init()
// init notify after templates (it uses locales from templates)
system.notify.ReadTemplates();
session_manager.InitBanList();
session_manager.InitTmpSession();
session_manager.InitBanList();
session_manager.InitCookieEncoding();
session_manager.LoadSessions();
CreateStaticTree();
@@ -860,25 +862,35 @@ void App::CheckKonqueror()
void App::PrepareSessionCookie()
{
if( !cur.session || cur.session->id==0 )
return;
if( config.session_cookie_encode )
{
if( !session_manager.EncodeSessionId(cur.session->id, cur.session->id_index, cookie_id_string) )
Toa(cur.session->id, cookie_id_string);
}
else
{
Toa(cur.session->id, cookie_id_string);
}
if( !cur.session->puser || !cur.session->remember_me )
{
cur.request->AddCookie(config.http_session_id_name, cur.session->id);
cur.request->AddCookie(config.http_session_id_name, cookie_id_string);
}
else
{
PT::Date expires = cur.request->start_time + config.session_remember_max_idle;
cur.request->AddCookie(config.http_session_id_name, cur.session->id, expires);
cur.request->AddCookie(config.http_session_id_name, cookie_id_string, expires);
}
}
bool App::AddHeader(const wchar_t * name, const wchar_t * value)
{
if( !cur.request->out_headers.GetValue(name) )