httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r690501 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/util_cookies.h modules/session/mod_session_cookie.c modules/session/mod_session_dbd.c server/util_cookies.c
Date Sat, 30 Aug 2008 13:37:53 GMT
Author: minfrin
Date: Sat Aug 30 06:37:52 2008
New Revision: 690501

URL: http://svn.apache.org/viewvc?rev=690501&view=rev
Log:
mod_session_cookie, mod_session_dbd: Make sure cookies are set both
within the output headers and error output headers, so that the
session is maintained across redirects.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/include/ap_mmn.h
    httpd/httpd/trunk/include/util_cookies.h
    httpd/httpd/trunk/modules/session/mod_session_cookie.c
    httpd/httpd/trunk/modules/session/mod_session_dbd.c
    httpd/httpd/trunk/server/util_cookies.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=690501&r1=690500&r2=690501&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Aug 30 06:37:52 2008
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
+     within the output headers and error output headers, so that the
+     session is maintained across redirects. [Graham Leggett]
+
   *) mod_auth_form: Make sure the logged in user is populated correctly
      after a form login. Fixes a missing REMOTE_USER variable directly
      following a login. [Graham Leggett]

Modified: httpd/httpd/trunk/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_mmn.h?rev=690501&r1=690500&r2=690501&view=diff
==============================================================================
--- httpd/httpd/trunk/include/ap_mmn.h (original)
+++ httpd/httpd/trunk/include/ap_mmn.h Sat Aug 30 06:37:52 2008
@@ -167,13 +167,14 @@
  *                         proxy_worker struct.
  * 20080722.2 (2.3.0-dev)  Add scolonsep to proxy_balancer
  * 20080829.0 (2.3.0-dev)  Add cookie attributes when removing cookies
+ * 20080830.0 (2.3.0-dev)  Cookies can be set on headers_out and err_headers_out
  *
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
 
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 20080829
+#define MODULE_MAGIC_NUMBER_MAJOR 20080830
 #endif
 #define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */
 

Modified: httpd/httpd/trunk/include/util_cookies.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/util_cookies.h?rev=690501&r1=690500&r2=690501&view=diff
==============================================================================
--- httpd/httpd/trunk/include/util_cookies.h (original)
+++ httpd/httpd/trunk/include/util_cookies.h Sat Aug 30 06:37:52 2008
@@ -41,7 +41,7 @@
 #define SET_COOKIE "Set-Cookie"
 #define SET_COOKIE2 "Set-Cookie2"
 #define DEFAULT_ATTRS "HttpOnly;Secure;Version=1"
-#define CLEAR_ATTRS "Max-Age=0;Version=1"
+#define CLEAR_ATTRS "Version=1"
 
 typedef struct {
     request_rec *r;
@@ -60,9 +60,11 @@
  * @param attrs The string containing additional cookie attributes. If NULL, the
  *              DEFAULT_ATTRS will be used.
  * @param maxage If non zero, a Max-Age header will be added to the cookie.
+ * @param ... A varargs array of zero or more (apr_table_t *) tables followed by NULL
+ *            to which the cookies should be added.
  */
 AP_DECLARE(apr_status_t) ap_cookie_write(request_rec * r, const char *name, const char *val,
-                                         const char *attrs, long maxage);
+                                         const char *attrs, long maxage, ...);
 
 /**
  * Write an RFC2965 compliant cookie.
@@ -73,9 +75,11 @@
  * @param attrs2 The string containing additional cookie attributes. If NULL, the
  *               DEFAULT_ATTRS will be used.
  * @param maxage If non zero, a Max-Age header will be added to the cookie.
+ * @param ... A varargs array of zero or more (apr_table_t *) tables followed by NULL
+ *            to which the cookies should be added.
  */
 AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, const char
*val,
-                                          const char *attrs2, long maxage);
+                                          const char *attrs2, long maxage, ...);
 
 /**
  * Remove an RFC2109 compliant cookie.
@@ -84,8 +88,10 @@
  * @param name The name of the cookie.
  * @param attrs The string containing additional cookie attributes. If NULL, the
  *              CLEAR_ATTRS will be used.
+ * @param ... A varargs array of zero or more (apr_table_t *) tables followed by NULL
+ *            to which the cookies should be added.
  */
-AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs);
+AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs,
...);
 
 /**
  * Remove an RFC2965 compliant cookie.
@@ -94,8 +100,10 @@
  * @param name2 The name of the cookie.
  * @param attrs2 The string containing additional cookie attributes. If NULL, the
  *               CLEAR_ATTRS will be used.
+ * @param ... A varargs array of zero or more (apr_table_t *) tables followed by NULL
+ *            to which the cookies should be added.
  */
-AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char
*attrs2);
+AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char
*attrs2, ...);
 
 /**
  * Read a cookie called name, placing its value in val.

Modified: httpd/httpd/trunk/modules/session/mod_session_cookie.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_cookie.c?rev=690501&r1=690500&r2=690501&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_cookie.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_cookie.c Sat Aug 30 06:37:52 2008
@@ -67,20 +67,20 @@
     /* create RFC2109 compliant cookie */
     if (conf->name_set) {
         if (z->encoded && z->encoded[0]) {
-            ap_cookie_write(r, conf->name, z->encoded, conf->name_attrs, z->maxage);
+            ap_cookie_write(r, conf->name, z->encoded, conf->name_attrs, z->maxage,
r->headers_out, r->err_headers_out, NULL);
         }
         else {
-            ap_cookie_remove(r, conf->name, conf->name_attrs);
+            ap_cookie_remove(r, conf->name, conf->name_attrs, r->headers_out, r->err_headers_out,
NULL);
         }
     }
 
     /* create RFC2965 compliant cookie */
     if (conf->name2_set) {
         if (z->encoded && z->encoded[0]) {
-            ap_cookie_write2(r, conf->name2, z->encoded, conf->name2_attrs, z->maxage);
+            ap_cookie_write2(r, conf->name2, z->encoded, conf->name2_attrs, z->maxage,
r->headers_out, r->err_headers_out, NULL);
         }
         else {
-            ap_cookie_remove2(r, conf->name2, conf->name2_attrs);
+            ap_cookie_remove2(r, conf->name2, conf->name2_attrs, r->headers_out,
r->err_headers_out, NULL);
         }
     }
 

Modified: httpd/httpd/trunk/modules/session/mod_session_dbd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?rev=690501&r1=690500&r2=690501&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_dbd.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_dbd.c Sat Aug 30 06:37:52 2008
@@ -54,7 +54,7 @@
 
 /**
  * Initialise the database.
- * 
+ *
  * If the mod_dbd module is missing, this method will return APR_EGENERAL.
  */
 static apr_status_t dbd_init(request_rec *r, const char *query, ap_dbd_t **dbdp,
@@ -86,7 +86,7 @@
                       "failed to find the prepared statement called '%s'", query);
         return APR_EGENERAL;
     }
-    
+
     *dbdp = dbd;
     *statementp = statement;
 
@@ -374,7 +374,7 @@
 
 /**
  * Clean out expired sessions.
- * 
+ *
  * TODO: We need to figure out a way to clean out expired sessions from the database.
  * The monitor hook doesn't help us that much, as we have no handle into the
  * server, and so we need to come up with a way to do this safely.
@@ -431,12 +431,12 @@
 
         /* create RFC2109 compliant cookie */
         if (conf->name_set) {
-            ap_cookie_write(r, conf->name, buffer, conf->name_attrs, z->maxage);
+            ap_cookie_write(r, conf->name, buffer, conf->name_attrs, z->maxage,
r->headers_out, r->err_headers_out, NULL);
         }
 
         /* create RFC2965 compliant cookie */
         if (conf->name2_set) {
-            ap_cookie_write2(r, conf->name2, buffer, conf->name2_attrs, z->maxage);
+            ap_cookie_write2(r, conf->name2, buffer, conf->name2_attrs, z->maxage,
r->headers_out, r->err_headers_out, NULL);
         }
 
         return OK;
@@ -485,7 +485,7 @@
     (session_dbd_dir_conf *) apr_pcalloc(p, sizeof(session_dbd_dir_conf));
 
     new->remove = 1;
-    
+
     new->selectlabel = "selectsession";
     new->insertlabel = "insertsession";
     new->updatelabel = "updatesession";

Modified: httpd/httpd/trunk/server/util_cookies.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_cookies.c?rev=690501&r1=690500&r2=690501&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_cookies.c (original)
+++ httpd/httpd/trunk/server/util_cookies.c Sat Aug 30 06:37:52 2008
@@ -32,11 +32,13 @@
  * @param maxage If non zero, a Max-Age header will be added to the cookie.
  */
 AP_DECLARE(apr_status_t) ap_cookie_write(request_rec * r, const char *name, const char *val,
-                                         const char *attrs, long maxage)
+                                         const char *attrs, long maxage, ...)
 {
 
     char *buffer;
     char *rfc2109;
+    apr_table_t *t;
+    va_list vp;
 
     /* handle expiry */
     buffer = "";
@@ -51,7 +53,13 @@
                           attrs : DEFAULT_ATTRS, NULL);
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX
                   "user '%s' set cookie: '%s'", r->user, rfc2109);
-    apr_table_addn(r->headers_out, SET_COOKIE, rfc2109);
+
+    /* write the cookie to the header table(s) provided */
+    va_start(vp, maxage);
+    while ((t = va_arg(vp, apr_table_t *))) {
+        apr_table_addn(t, SET_COOKIE, rfc2109);
+    }
+    va_end(vp);
 
     return APR_SUCCESS;
 
@@ -68,11 +76,13 @@
  * @param maxage If non zero, a Max-Age header will be added to the cookie.
  */
 AP_DECLARE(apr_status_t) ap_cookie_write2(request_rec * r, const char *name2, const char
*val,
-                                          const char *attrs2, long maxage)
+                                          const char *attrs2, long maxage, ...)
 {
 
     char *buffer;
     char *rfc2965;
+    apr_table_t *t;
+    va_list vp;
 
     /* handle expiry */
     buffer = "";
@@ -87,7 +97,13 @@
                           attrs2 : DEFAULT_ATTRS, NULL);
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX
                   "user '%s' set cookie2: '%s'", r->user, rfc2965);
-    apr_table_addn(r->headers_out, SET_COOKIE2, rfc2965);
+
+    /* write the cookie to the header table(s) provided */
+    va_start(vp, maxage);
+    while ((t = va_arg(vp, apr_table_t *))) {
+        apr_table_addn(t, SET_COOKIE2, rfc2965);
+    }
+    va_end(vp);
 
     return APR_SUCCESS;
 
@@ -99,15 +115,23 @@
  * @param r The request
  * @param name The name of the cookie.
  */
-AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs)
+AP_DECLARE(apr_status_t) ap_cookie_remove(request_rec * r, const char *name, const char *attrs,
...)
 {
+    apr_table_t *t;
+    va_list vp;
 
     /* create RFC2109 compliant cookie */
-    char *rfc2109 = apr_pstrcat(r->pool, name, "=;",
+    char *rfc2109 = apr_pstrcat(r->pool, name, "=;Max-Age=0;",
                                 attrs ? attrs : CLEAR_ATTRS, NULL);
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX
                   "user '%s' removed cookie: '%s'", r->user, rfc2109);
-    apr_table_addn(r->headers_out, SET_COOKIE, rfc2109);
+
+    /* write the cookie to the header table(s) provided */
+    va_start(vp, attrs);
+    while ((t = va_arg(vp, apr_table_t *))) {
+        apr_table_addn(t, SET_COOKIE, rfc2109);
+    }
+    va_end(vp);
 
     return APR_SUCCESS;
 
@@ -119,15 +143,23 @@
  * @param r The request
  * @param name2 The name of the cookie.
  */
-AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char
*attrs2)
+AP_DECLARE(apr_status_t) ap_cookie_remove2(request_rec * r, const char *name2, const char
*attrs2, ...)
 {
+    apr_table_t *t;
+    va_list vp;
 
     /* create RFC2965 compliant cookie */
-    char *rfc2965 = apr_pstrcat(r->pool, name2, "=;",
+    char *rfc2965 = apr_pstrcat(r->pool, name2, "=;Max-Age=0;",
                                 attrs2 ? attrs2 : CLEAR_ATTRS, NULL);
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX
                   "user '%s' removed cookie2: '%s'", r->user, rfc2965);
-    apr_table_addn(r->headers_out, SET_COOKIE2, rfc2965);
+
+    /* write the cookie to the header table(s) provided */
+    va_start(vp, attrs2);
+    while ((t = va_arg(vp, apr_table_t *))) {
+        apr_table_addn(t, SET_COOKIE2, rfc2965);
+    }
+    va_end(vp);
 
     return APR_SUCCESS;
 



Mime
View raw message