[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm lonlogout.pm switchserver.pm /interface lonsupportreq.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Sat Feb 25 15:00:47 EST 2017
raeburn Sat Feb 25 20:00:47 2017 EDT
Modified files:
/loncom/auth lonauth.pm lonlogout.pm switchserver.pm
/loncom/lonnet/perl lonnet.pm
/loncom/interface lonsupportreq.pm
Log:
- Use 'secure' attribute for session cookie on servers using Apache/SSL.
-------------- next part --------------
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.142 loncom/auth/lonauth.pm:1.143
--- loncom/auth/lonauth.pm:1.142 Fri Feb 17 14:34:21 2017
+++ loncom/auth/lonauth.pm Sat Feb 25 20:00:36 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.142 2017/02/17 14:34:21 raeburn Exp $
+# $Id: lonauth.pm,v 1.143 2017/02/25 20:00:36 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -42,6 +42,7 @@
use Apache::lonlocal;
use Apache::File();
use HTML::Entities;
+use Digest::MD5;
# ------------------------------------------------------------ Successful login
sub success {
@@ -72,8 +73,26 @@
}
}
-# ------------------------------------------------------------ Get cookie ready
- $cookie="lonID=$cookie; path=/; HttpOnly";
+# ----------------------------------------------------------- Get cookies ready
+ my ($securecookie,$defaultcookie);
+ if ($ENV{'SERVER_PORT'} == 443) {
+ $securecookie="lonID=$cookie; path=/; HttpOnly; secure";
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) {
+ my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked';
+ if (-e "$lonidsdir/$linkname.id") {
+ unlink("$lonidsdir/$linkname.id");
+ }
+ my $made_symlink = eval { symlink("$lonidsdir/$cookie.id",
+ "$lonidsdir/$linkname.id"); 1 };
+ if ($made_symlink) {
+ $defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;";
+ &Apache::lonnet::appenv({'user.linkedenv' => "$lonidsdir/$linkname.id"});
+ }
+ }
+ } else {
+ $defaultcookie = "lonID=$cookie; path=/; HttpOnly;";
+ }
# -------------------------------------------------------- Menu script and info
my $destination = $lowerurl;
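Review bot: The link name built at `my $linkname=substr(Digest::MD5::md5_hex(...` is sent as the lonLinkID cookie and so acts as a bearer value for the session, yet it is derived from `time()`, `rand()`, `$$` and a hash-reference address, none of which is a cryptographic source; it should come from the OS random source instead. The `eval { symlink(...); 1 }` wrapper also yields 1 unless symlink() dies, so a symlink() that merely returns false still sets `$defaultcookie` and records `user.linkedenv`; test the return value of symlink() itself. The `substr(..., 0, 32)` is a no-op, since md5_hex() already returns 32 characters. The enclosing sub success starts and ends outside the hunk, and the lines below assume /dev/urandom is readable on the server.

```perl
            my $linkname;
            if (open(my $randfh,'<','/dev/urandom')) {
                my $bytes;
                if ((read($randfh,$bytes,16) || 0) == 16) {
                    # 32 lowercase hex characters, same shape as the old name
                    $linkname = unpack('H*',$bytes).'_linked';
                }
                close($randfh);
            }
            if ($linkname) {
                # … unchanged: removal of an existing "$lonidsdir/$linkname.id" …
                if (symlink("$lonidsdir/$cookie.id","$lonidsdir/$linkname.id")) {
                    # … unchanged: set $defaultcookie and appenv 'user.linkedenv' …
                }
            }
```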
@@ -152,7 +171,12 @@
# ------------------------------------------------- Output for successful login
&Apache::loncommon::content_type($r,'text/html');
- $r->header_out('Set-cookie' => $cookie);
+ if ($securecookie) {
+ $r->headers_out->add('Set-cookie' => $securecookie);
+ }
+ if ($defaultcookie) {
+ $r->headers_out->add('Set-cookie' => $defaultcookie);
+ }
$r->send_http_header;
my %lt=&Apache::lonlocal::texthash(
Index: loncom/auth/lonlogout.pm
diff -u loncom/auth/lonlogout.pm:1.49 loncom/auth/lonlogout.pm:1.50
--- loncom/auth/lonlogout.pm:1.49 Thu Mar 12 00:50:10 2015
+++ loncom/auth/lonlogout.pm Sat Feb 25 20:00:36 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Logout Handler
#
-# $Id: lonlogout.pm,v 1.49 2015/03/12 00:50:10 raeburn Exp $
+# $Id: lonlogout.pm,v 1.50 2017/02/25 20:00:36 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -70,6 +70,13 @@
my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
unlink("$lonidsdir/$handle.id");
+ if ($env{'user.linkedenv'} ne '') {
+ my $lonhost = $r->dir_config('lonHostID');
+ if ((-l $env{'user.linkedenv'}) &&
+ (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
+ unlink($env{'user.linkedenv'});
+ }
+ }
if (!$Apache::lonlocal::lh) {
&Apache::lonlocal::get_language_handle($r);
}
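Review bot: `my $lonhost = $r->dir_config('lonHostID');` is assigned but not used anywhere in the visible lines and can be dropped. The `-l` plus `readlink(...) eq "$lonidsdir/$handle.id"` guard before `unlink` deserves a one-line comment, e.g. `# only remove the link if it still points at this session's file`, since the same check is repeated in switchserver.pm. The enclosing handler starts and ends outside the hunk.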
@@ -83,11 +90,20 @@
&Apache::loncommon::content_type($r,'text/html');
#expire the cookie
- my $c = new CGI::Cookie(-name => 'lonID',
+ my $name = 'lonID';
+ if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public')) {
+ $name = 'lonPubID';
+ }
+ my $c = new CGI::Cookie(-name => $name,
-value => '',
-expires => '-10y',);
- $r->header_out('Set-cookie' => $c);
-
+ $r->headers_out->add('Set-cookie' => $c);
+ if (($name eq 'lonID') && ($env{'user.linkeenv'})) {
+ my $other = new CGI::Cookie(-name => 'lonLinkID',
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $other);
+ }
$r->send_http_header;
return OK if $r->header_only;
# -------------------------------------------------------- Menu script and info
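Review bot: The key in `($env{'user.linkeenv'})` is misspelled; every other use in this commit is `user.linkedenv`. Unless something else sets the misspelled key, the condition is never true and the lonLinkID cookie is not expired at logout. Change the line to `if (($name eq 'lonID') && ($env{'user.linkedenv'})) {`. Whether %env still holds that key at this point, after the session file was removed earlier in the handler, is not visible in the hunk and should be confirmed.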
Index: loncom/auth/switchserver.pm
diff -u loncom/auth/switchserver.pm:1.35 loncom/auth/switchserver.pm:1.36
--- loncom/auth/switchserver.pm:1.35 Fri Dec 16 15:31:11 2016
+++ loncom/auth/switchserver.pm Sat Feb 25 20:00:36 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Switch Servers Handler
#
-# $Id: switchserver.pm,v 1.35 2016/12/16 15:31:11 raeburn Exp $
+# $Id: switchserver.pm,v 1.36 2017/02/25 20:00:36 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -106,6 +106,12 @@
if ($env{'user.name'} eq 'public'
&& $env{'user.domain'} eq 'public') {
my $url = $protocol.'://'.$switch_to.$r->uri;
+ unlink($handle);
+ #expire the cookie
+ my $c = new CGI::Cookie(-name => 'lonPubID',
+ -value => '',
+ -expires => '-10y',);
+ $r->header_out('Set-cookie' => $c);
return &do_redirect($r,$url,1)
}
@@ -157,6 +163,13 @@
#remove session env, and log event
unlink($handle);
+ if ($env{'user.linkedenv'} ne '') {
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ if ((-l $env{'user.linkedenv'}) &&
+ (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
+ unlink($env{'user.linkedenv'});
+ }
+ }
my %temp=('switchserver' => time.':'.$env{'form.otherserver'},
$env{'form.role'});
&Apache::lonnet::put('email_status',\%temp);
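Review bot: `unlink($handle);` treats $handle as a complete path, while the new comparison `readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id"` treats it as a bare session handle; only one of the two can be right. If $handle already holds the full path of the session file here (its assignment is outside the hunk), the readlink test never matches and the `_linked` symlink is left behind in lonIDsDir after the server switch. In that case compare against the path directly, `(readlink($env{'user.linkedenv'}) eq $handle)`.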
@@ -176,7 +189,13 @@
my $c = new CGI::Cookie(-name => 'lonID',
-value => '',
-expires => '-10y',);
- $r->header_out('Set-cookie' => $c);
+ $r->headers_out->add('Set-cookie' => $c);
+ if ($env{'user.linkedenv'}) {
+ my $linked = new CGI::Cookie(-name => 'lonLinkID',
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $linked);
+ }
if ($r->header_only) {
$r->send_http_header;
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1336 loncom/lonnet/perl/lonnet.pm:1.1337
--- loncom/lonnet/perl/lonnet.pm:1.1336 Sat Jan 28 23:26:51 2017
+++ loncom/lonnet/perl/lonnet.pm Sat Feb 25 20:00:41 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1336 2017/01/28 23:26:51 raeburn Exp $
+# $Id: lonnet.pm,v 1.1337 2017/02/25 20:00:41 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -650,10 +650,23 @@
sub check_for_valid_session {
my ($r,$name,$userhashref) = @_;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+ my ($linkname,$pubname);
if ($name eq '') {
$name = 'lonID';
+ $linkname = 'lonLinkID';
+ $pubname = 'lonPubID';
}
my $lonid=$cookies{$name};
+ if (!$lonid) {
+ if (($name eq 'lonID') && ($ENV{'SERVER_PORT'} != 443) && ($linkname)) {
+ $lonid=$cookies{$linkname};
+ }
+ if (!$lonid) {
+ if (($name eq 'lonID') && ($pubname)) {
+ $lonid=$cookies{$pubname};
+ }
+ }
+ }
return undef if (!$lonid);
my $handle=&LONCAPA::clean_handle($lonid->value);
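Review bot: The fallback `$lonid=$cookies{$linkname};` accepts lonLinkID, which lonauth.pm sets without the `secure` attribute, as a credential for the same session file that the secure lonID cookie protects, so on non-443 requests the session is only as confidential as the non-secure cookie. If that is intended for mixed HTTP/HTTPS use, say so in a comment here, e.g. `# lonLinkID travels over plain HTTP and resolves (via symlink) to the same session as lonID`, so that callers gating sensitive actions know which cookie may have authenticated the request. The `$ENV{'SERVER_PORT'} != 443` test also assumes TLS is always on port 443, which would not hold behind a TLS-terminating proxy or on a non-standard HTTPS port. The body of check_for_valid_session continues outside the hunk.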
Index: loncom/interface/lonsupportreq.pm
diff -u loncom/interface/lonsupportreq.pm:1.90 loncom/interface/lonsupportreq.pm:1.91
--- loncom/interface/lonsupportreq.pm:1.90 Mon Jan 23 19:51:52 2017
+++ loncom/interface/lonsupportreq.pm Sat Feb 25 20:00:47 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Helpdesk request form
#
-# $Id: lonsupportreq.pm,v 1.90 2017/01/23 19:51:52 raeburn Exp $
+# $Id: lonsupportreq.pm,v 1.91 2017/02/25 20:00:47 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -657,7 +657,12 @@
my @ENVvars = ('HTTP_HOST','HTTP_USER_AGENT','REMOTE_ADDR','SERVER_ADDR','SERVER_NAME');
my @envvars = ('browser.os','browser.type','browser.version','user.home','request.role');
my @loncvars = ('user.name','user.domain','request.course.sec','request.course.id');
- my @cookievars = ('lonID');
+ my @cookievars;
+ if ($ENV{'SERVER_PORT'} == 443) {
+ @cookievars = ('lonLinkID');
+ } else {
+ @cookievars = ('lonID');
+ }
my $admin = $Apache::lonnet::perlvar{'lonAdminMail'};
my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
@@ -991,7 +996,9 @@
if ($$cookie{'lonID'} =~ /lonID=($LONCAPA::handle_re);/) {
$cookies{'lonID'} = $1;
}
-
+ if ($$cookie{'lonLinkID'} =~ /lonLinkID=([a-f0-9]+_linked);/) {
+ $cookies{'lonLinkID'} = $1;
+ }
if ($attachmentpath =~ m-/([^/]+)$-) {
$fname = $1;
$displaymsg .= '<br />'
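Review bot: The new pattern `/lonLinkID=([a-f0-9]+_linked);/` accepts a hex run of any length, whereas lonauth.pm always generates 32 hex characters before `_linked`. Pinning the length, `/lonLinkID=([a-f0-9]{32}_linked);/`, keeps malformed cookie values out of %cookies. The enclosing sub is outside the hunk, so how %cookies is used afterwards is not visible here.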