[LON-CAPA-cvs] cvs: modules /raeburn/register DirectLogin.pm
raeburn
raeburn at source.lon-capa.org
Tue Mar 14 16:30:54 EDT 2017
raeburn Tue Mar 14 20:30:54 2017 EDT
Modified files:
/modules/raeburn/register DirectLogin.pm
Log:
- switch to Apache2/mod_perl2 calls
- cookie protection
Index: modules/raeburn/register/DirectLogin.pm
diff -u modules/raeburn/register/DirectLogin.pm:1.2 modules/raeburn/register/DirectLogin.pm:1.3
--- modules/raeburn/register/DirectLogin.pm:1.2 Sat Feb 4 01:15:01 2006
+++ modules/raeburn/register/DirectLogin.pm Tue Mar 14 20:30:53 2017
@@ -1,10 +1,13 @@
package Apache::LON::DirectLogin;
use strict;
-use Apache::RequestRec();
-use Apache::RequestIO();
+use Apache2::RequestRec();
+use Apache2::RequestIO();
+use Apache2::Response();
+use Apache2::Access();
+use Apache2::Connection ();
use Storable qw(store retrieve dclone);
-use Apache::Const qw(:common :http REDIRECT);
+use Apache2::Const qw(:common :http REDIRECT);
use CGI::Cookie();
use Apache::LON::Session;
use Apache::LON::processform;
@@ -14,7 +17,7 @@
my $login = $r->dir_config('Login');
my $inbound = $r->uri;
$r->custom_response(FORBIDDEN, $login);
- my $auth_name = $r->auth_name; # Auth Name is LONCAPAID
+ my $auth_name = $r->auth_name(); # Auth Name is LONCAPAID
my $cookie; # cookie to send to client
my $dbpwd; # get db credentials
my $authkeydir = "/home/helpdesk/admindata";
@@ -62,15 +65,17 @@
-name => $r->auth_name,
-value => { uri => $caller },
-path => '/'
+ -httponly => 1,
+ -secure => 1,
);
my $now = time;
- if ($now - $$tokenhash{'created'} > 1800) {
+ if ($now - $$tokenhash{'created'} > 10800) {
$r->notes->set('_RejectAuth' => "Your token has expired. Please authenticate using the username and password provided in the e-mail sent to you.");
} else {
if (&autologin($r,$dbh,\%attr,$tokenhash)) {
$r->notes->set('_AUTHFAIL' => 0);
- $r->err_headers_out->{'Set-cookie'} = $auth_cookie;
+ $r->err_headers_out->add('Set-cookie' => $auth_cookie);
}
}
} else {
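Review bot: The unchanged line `-path => '/'` in the cookie constructor's argument list has no trailing comma, so as this hunk is shown the added `-httponly => 1,` line parses as a binary minus applied to `'/'` rather than as a new key. Perl accepts this under `use strict`, and no `use warnings` is visible in the file header, so it would probably compile silently. The likely result is a cookie whose path is `0` and which carries neither the HttpOnly nor the Secure attribute, so the "cookie protection" in the log message would not take effect. The line should read `-path => '/',`, and it is worth confirming the emitted `Set-cookie` header actually contains `HttpOnly` and `Secure`. The constructor call and the enclosing handler both start outside this hunk, so the surrounding argument list could not be checked in full.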