summaryrefslogtreecommitdiffstats
path: root/sca-cpp/trunk/modules/http/openauth.hpp
diff options
context:
space:
mode:
Diffstat (limited to 'sca-cpp/trunk/modules/http/openauth.hpp')
-rw-r--r--sca-cpp/trunk/modules/http/openauth.hpp26
1 files changed, 22 insertions, 4 deletions
diff --git a/sca-cpp/trunk/modules/http/openauth.hpp b/sca-cpp/trunk/modules/http/openauth.hpp
index 70c6f658ad..d448311cca 100644
--- a/sca-cpp/trunk/modules/http/openauth.hpp
+++ b/sca-cpp/trunk/modules/http/openauth.hpp
@@ -72,6 +72,16 @@ const maybe<string> sessionID(const request_rec* const r, const string& key) {
}
/**
+ * Convert a number of seconds to an expiration date.
+ */
+const string expires(const int s) {
+ const time_t t = time(NULL) + s;
+ char exp[32];
+ strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
+ return string(exp);
+}
+
+/**
* Convert a session id to a cookie string.
*/
const string cookie(const string& key, const string& sid, const string& domain) {
@@ -80,10 +90,8 @@ const string cookie(const string& key, const string& sid, const string& domain)
debug(c, "openauth::cookie");
return c;
}
- const time_t t = time(NULL) + 86400;
- char exp[32];
- strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
- const string c = key + string("=") + sid + "; expires=" + string(exp) + "; domain=." + httpd::realm(domain) + "; path=/; secure; httponly";
+ const string exp = "604800";
+ const string c = key + string("=") + sid + (length(exp) != 0? string("; max-age=") + exp : emptyString) + "; domain=." + httpd::realm(domain) + "; path=/; secure; httponly";
debug(c, "openauth::cookie");
return c;
}
@@ -92,6 +100,16 @@ const string cookie(const string& key, const string& sid, const string& domain)
* Redirect to the configured login page.
*/
const failable<int> login(const string& page, const value& ref, const value& attempt, request_rec* const r) {
+
+ // Don't redirect non-cacheable requests, just respond with an uncacheable 403 response
+ const char* cc = apr_table_get(r->headers_in, "X-Cache-Control");
+ if(cc != NULL && !strcmp(cc, "no-cache")) {
+ apr_table_setn(r->headers_out, "Cache-Control", "no-cache, no-store, must-revalidate, max-age=0");
+ apr_table_setn(r->err_headers_out, "Cache-Control", "no-cache, no-store, must-revalidate, max-age=0");
+ return HTTP_FORBIDDEN;
+ }
+
+ // Redirect to the login page
const list<value> rarg = ref == string("/")? nilListValue : mklist<value>(mklist<value>("openauth_referrer", httpd::escape(httpd::url(isNull(ref)? r->uri : ref, r))));
const list<value> aarg = isNull(attempt)? nilListValue : mklist<value>(mklist<value>("openauth_attempt", attempt));
const list<value> largs = append(rarg, aarg);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-08 21:24:35 +0000