[LON-CAPA-cvs] cvs: modules /raeburn/register DirectLogin.pm

raeburn raeburn at source.lon-capa.org
Tue Mar 14 16:30:54 EDT 2017


raeburn		Tue Mar 14 20:30:54 2017 EDT

  Modified files:              
    /modules/raeburn/register	DirectLogin.pm 
  Log:
  - switch to Apache2/mod_perl2 calls
  - cookie protection
  
  
Index: modules/raeburn/register/DirectLogin.pm
diff -u modules/raeburn/register/DirectLogin.pm:1.2 modules/raeburn/register/DirectLogin.pm:1.3
--- modules/raeburn/register/DirectLogin.pm:1.2	Sat Feb  4 01:15:01 2006
+++ modules/raeburn/register/DirectLogin.pm	Tue Mar 14 20:30:53 2017
@@ -1,10 +1,13 @@
 package Apache::LON::DirectLogin;
 
 use strict;
-use Apache::RequestRec();
-use Apache::RequestIO();
+use Apache2::RequestRec();
+use Apache2::RequestIO();
+use Apache2::Response();
+use Apache2::Access();
+use Apache2::Connection ();
 use Storable qw(store retrieve dclone);
-use Apache::Const qw(:common :http REDIRECT);
+use Apache2::Const qw(:common :http REDIRECT);
 use CGI::Cookie();
 use Apache::LON::Session;
 use Apache::LON::processform;
@@ -14,7 +17,7 @@
     my $login = $r->dir_config('Login');
     my $inbound = $r->uri;
     $r->custom_response(FORBIDDEN, $login);
-    my $auth_name = $r->auth_name;    # Auth Name is LONCAPAID
+    my $auth_name = $r->auth_name();  # Auth Name is LONCAPAID
     my $cookie;                       # cookie to send to client
     my $dbpwd;                        # get db credentials
     my $authkeydir = "/home/helpdesk/admindata";
@@ -62,15 +65,17 @@
                                       -name => $r->auth_name,
                                       -value => { uri => $caller },
                                       -path => '/'
+                                      -httponly => 1,
+                                      -secure => 1,
                                      );
         my $now = time;
-        if ($now - $$tokenhash{'created'} > 1800) {
+        if ($now - $$tokenhash{'created'} > 10800) {
             $r->notes->set('_RejectAuth' => "Your token has expired. Please authenticate using the username and password provided in the e-mail sent to you.");
 
         } else {
             if (&autologin($r,$dbh,\%attr,$tokenhash)) {
                 $r->notes->set('_AUTHFAIL' => 0);
-                $r->err_headers_out->{'Set-cookie'} = $auth_cookie;
+                $r->err_headers_out->add('Set-cookie' => $auth_cookie);
             }
         }
     } else {
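Review bot: The context line `-path => '/'` has no trailing comma, so the added `-httponly => 1,` does not start a new argument: Perl parses `'/' -httponly` as a subtraction, and the arguments after it fall out of their name/value pairing. As written, the cookie most likely goes out without the HttpOnly and Secure attributes and with a wrong path, which defeats the protection this commit intends; the line should read `-path => '/',`. The first hunk shows `use strict` but no `use warnings`, so the non-numeric subtraction would probably pass silently; adding `use warnings;` would surface it. The same hunk also raises the token lifetime from 1800 to 10800 seconds, which widens the window in which `autologin` accepts a token; a comment such as `# token valid for 3 hours` giving the reason would help the next reviewer. The `CGI::Cookie` constructor call begins outside the hunk, so its other arguments could not be checked.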



