added: possibility to encode the session cookie (added files core/sessionidmanager.h and core/sessionidmanager.cpp)
added: config options: // whether or not we should encode the session cookie // (we have a special algorithm) // default: false bool session_cookie_encode; // if session_cookie_encode is true then you should provide // a file where AES keys will be stored std::wstring session_keys_file; // each session has an index -- an unsigned int value // this value is sent in the cookie string (is encoded) // and is incremented when session_index_time_increment time is passed since the last incrementing // if a client sent the cookie back the difference between // current index and the index in the cookie should be less than or equal to session_allow_index_difference // default: 8 size_t session_allow_index_difference; // the time which should pass after the session index is incremented // default: 30 // (session_allow_index_difference + 1) * session_index_time_increment should be less than a time // load of a page and all elements on it such as images (of course it depends on client's download too) time_t session_index_time_increment; // time in seconds after a new AES key pair should be generated // we have 256 pairs of keys so this time multiplied by 256 should not be less than // the max time of a session (session_remember_max_idle), // by default: 256 * 2 days = 512 days = 1.4 year > 3 months (session_remember_max_idle) // default: 172800 = 2 days (max: 2678400 = 1 month, min: 10) size_t session_key_renew_time; changed: when printing the time of a request we print only two non-zero digits git-svn-id: svn://ttmath.org/publicrep/winix/trunk@994 e52654a7-88a9-db11-a3e9-0013d4bc506e
@@ -33,6 +33,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <limits>
|
||||
#include "sessionmanager.h"
|
||||
#include "request.h"
|
||||
#include "log.h"
|
||||
@@ -85,12 +86,26 @@ void SessionManager::SetLastContainer(LastContainer * plast_container)
|
||||
}
|
||||
|
||||
|
||||
|
||||
void SessionManager::InitBanList()
|
||||
{
|
||||
ban_tab.SetMaxSize(config->ban_list_soft_max_size, config->ban_list_max_size);
|
||||
}
|
||||
|
||||
|
||||
void SessionManager::InitCookieEncoding()
|
||||
{
|
||||
if( config->session_cookie_encode && !config->session_keys_file.empty() )
|
||||
session_id_manager.Init(config->session_keys_file);
|
||||
|
||||
session_id_manager.SetKeyRenewTime(config->session_key_renew_time);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
size_t SessionManager::Size()
|
||||
{
|
||||
return session_tab.Size();
|
||||
@@ -106,6 +121,11 @@ return true;
|
||||
}
|
||||
|
||||
|
||||
bool SessionManager::EncodeSessionId(long id, unsigned int index, std::wstring & str)
|
||||
{
|
||||
return session_id_manager.EncodeToken((size_t)id, index, cur->request->start_time, str);
|
||||
}
|
||||
|
||||
|
||||
long SessionManager::CreateSessionId()
|
||||
{
|
||||
@@ -162,13 +182,14 @@ SessionContainer::Iterator i = session_tab.End();
|
||||
session = &(*i);
|
||||
session->new_session = true;
|
||||
session->SetTimesTo(cur->request->start_time);
|
||||
session->id_index = (unsigned int)session->id;
|
||||
session->id_index += std::rand();
|
||||
|
||||
log << log2 << "SM: created a new session: " << session->id << logend;
|
||||
}
|
||||
else
|
||||
{
|
||||
// there is a problem with generating a new session id
|
||||
// we do not set a session cookie
|
||||
log << log1 << "SM: cannot create a session id (temporary used: with id 0)" << logend;
|
||||
SetTemporarySession();
|
||||
}
|
||||
@@ -184,36 +205,111 @@ void SessionManager::SetTemporarySession()
|
||||
}
|
||||
|
||||
|
||||
|
||||
bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
|
||||
unsigned int SessionManager::SetSessionCalcDifference(Session & ses, unsigned int index)
|
||||
{
|
||||
long id = Tol(cookie.c_str());
|
||||
unsigned int difference;
|
||||
|
||||
if( index > ses.id_index )
|
||||
difference = std::numeric_limits<unsigned int>::max() - index + ses.id_index + 1;
|
||||
else
|
||||
difference = ses.id_index - index;
|
||||
|
||||
return difference;
|
||||
}
|
||||
|
||||
|
||||
void SessionManager::SetSessionPutLogInfo(Session & ses, bool has_index, unsigned int difference)
|
||||
{
|
||||
log << log2 << "SM: session: " << ses.id;
|
||||
|
||||
if( has_index )
|
||||
log << ", index difference: " << (size_t)difference;
|
||||
|
||||
if( ses.puser )
|
||||
log << log2 << ", user: " << ses.puser->name << ", id: " << ses.puser->id;
|
||||
|
||||
log << log2 << logend;
|
||||
}
|
||||
|
||||
|
||||
|
||||
bool SessionManager::SetSessionFromCookie(long id, bool has_index, unsigned int index)
|
||||
{
|
||||
unsigned int difference = 0;
|
||||
|
||||
SessionContainer::Iterator s = session_tab.FindById(id);
|
||||
|
||||
if( s == session_tab.End() || s->remove_me )
|
||||
if( s == session_tab.End() )
|
||||
{
|
||||
log << log3 << "SM: there is no a session with id: " << id << logend;
|
||||
return false;
|
||||
}
|
||||
|
||||
if( s->remove_me )
|
||||
{
|
||||
log << log3 << "SM: session: " << id << " is marked for removing" << logend;
|
||||
return false;
|
||||
}
|
||||
|
||||
if( has_index )
|
||||
{
|
||||
difference = SetSessionCalcDifference(*s, index);
|
||||
|
||||
if( (size_t)difference > config->session_allow_index_difference )
|
||||
{
|
||||
log << log2 << "SM: an incorrect session index for session: " << id
|
||||
<< ", index difference: " << (size_t)difference << logend;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// that session is in the table
|
||||
session = &(*s);
|
||||
session->new_session = false;
|
||||
session->last_time = cur->request->start_time;
|
||||
session->last_date = cur->request->start_time;
|
||||
session->last_date = cur->request->start_date;
|
||||
|
||||
if( session->id_index_changed + config->session_index_time_increment < cur->request->start_time )
|
||||
{
|
||||
session->id_index += 1;
|
||||
session->id_index_changed = cur->request->start_time;
|
||||
}
|
||||
|
||||
if( cur->request->method == Request::get )
|
||||
session->last_time_get = cur->request->start_time;
|
||||
|
||||
log << log2 << "SM: session: " << session->id;
|
||||
|
||||
if( session->puser )
|
||||
log << log2 << ", user: " << session->puser->name << ", id: " << session->puser->id;
|
||||
|
||||
log << log2 << logend;
|
||||
SetSessionPutLogInfo(*session, has_index, difference);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
|
||||
{
|
||||
if( config->session_cookie_encode )
|
||||
{
|
||||
size_t id;
|
||||
unsigned int index;
|
||||
|
||||
if( !session_id_manager.DecodeToken(cookie, id, index) )
|
||||
{
|
||||
log << log2 << "SM: an incorrect cookie string was sent" << logend;
|
||||
return false;
|
||||
}
|
||||
|
||||
return SetSessionFromCookie((long)id, true, index);
|
||||
}
|
||||
else
|
||||
{
|
||||
long id = Tol(cookie.c_str());
|
||||
return SetSessionFromCookie(id, false, 0);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
void SessionManager::SetSession()
|
||||
{
|
||||
current_ip_ban = ban_tab.FindIP(cur->request->ip);
|
||||
@@ -426,7 +522,8 @@ char file_path[WINIX_OS_PATH_SIZE];
|
||||
if( i->id != 0 && i->puser && !i->remove_me )
|
||||
{
|
||||
file << i->id << ' ' << i->puser->id << ' ' << i->remember_me << ' ';
|
||||
file << (long)i->start_time << ' ' << (long)i->last_time << std::endl;
|
||||
file << (long)i->start_time << ' ' << (long)i->last_time << ' ';
|
||||
file << i->id_index << std::endl;
|
||||
|
||||
++len;
|
||||
}
|
||||
|
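Review bot: `SetSessionFromCookie(const std::wstring &)` picks the decode path on `config->session_cookie_encode` alone, while `InitCookieEncoding()` calls `session_id_manager.Init()` only when `session_keys_file` is also non-empty, so with encoding enabled and no key file every cookie reaches `DecodeToken()` on a manager that was never initialised. What `DecodeToken()` and `EncodeToken()` do in that state is defined in core/sessionidmanager.cpp, which is not shown here, so it is unclear whether this fails closed or runs with absent keys. I would make the misconfiguration visible at start-up by adding to `InitCookieEncoding()` the branch `else if( config->session_cookie_encode ) log << log1 << "SM: session_cookie_encode is set but session_keys_file is empty" << logend;`, and have the decode branch reject the cookie in that case. Separately, a new session's `id_index` starts from `session->id` plus `std::rand()`, which is not a cryptographic generator and whose seeding is not visible in this diff, so the index is best documented as a replay-window counter rather than relied on as a secret.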