[interchange: 1/4] Interchange since 5.0 has not allowed setting CookieName while retaining
Mike Heins
interchange-cvs at icdevgroup.org
Sat Mar 22 14:29:48 UTC 2014
commit 415be046b4e834fc777be7bde716ef32335b948c
Author: Mike Heins <heins at icdevgroup.com>
Date: Sun Feb 9 11:05:58 2014 -0500
Interchange since 5.0 has not allowed setting CookieName while retaining
the standard CoOkIe:1.1.1.1 pattern. Also, PHP setcookie routine URLencodes
cookie values, so the %3a that : is moved to defeats our patterns.
So, this commit does three things.
* Change cookie handling so that setting a CookieName doesn't affect the
addition of host/username as long as the InternalCookie directive
is set to Yes.
* Add InternalCookie directive to indicate that a custom CookieName
should have internal handling. (A YesNo directive).
* Treat %3a as equivlent to : for cookie matching when in
InternalCookie mode.
So, to change the CookieName for sessions from MV_SESSION_ID
to MVID without changing external cookie behavior, do in
catalog.cfg:
CookieName MVID
InternalCookie Yes
If you don't set InternalCookie Yes, it will have the old ExternalCookie
behavior where the session file is solely based on what is found
in $Vend::Cfg->{CookiePattern}.
If you don't change the CookieName from MV_SESSION_ID (assuming you
don't explicitly set to that in catalog.cfg) then "InternalCookie Yes"
is implied.
lib/Vend/Config.pm | 1 +
lib/Vend/Dispatch.pm | 21 +++++++++++++++------
2 files changed, 16 insertions(+), 6 deletions(-)
---
diff --git a/lib/Vend/Config.pm b/lib/Vend/Config.pm
index 3a0c10c..17cc467 100644
--- a/lib/Vend/Config.pm
+++ b/lib/Vend/Config.pm
@@ -655,6 +655,7 @@ sub catalog_directives {
['CookiePattern', 'regex', '[-\w:.]+'],
['CookieLogin', 'yesno', 'No'],
['CookieDomain', undef, ''],
+ ['InternalCookie', 'yesno', 'No'], ## Allows CookieName to be change yet still handle IP address in cookie
['MasterHost', undef, ''],
['UserTag', 'tag', ''],
['CodeDef', 'mapped_code', ''],
diff --git a/lib/Vend/Dispatch.pm b/lib/Vend/Dispatch.pm
index b0b1de9..dba59ba 100644
--- a/lib/Vend/Dispatch.pm
+++ b/lib/Vend/Dispatch.pm
@@ -1275,30 +1275,39 @@ sub dispatch {
elsif ($sessionid and $CGI::values{mv_force_session}) {
# do nothing
}
- elsif ($::Instance->{CookieName} and defined $CGI::cookie) {
+ elsif ($::Instance->{CookieName} and ! $Vend::Cfg->{InternalCookie} and $CGI::cookie) {
$CGI::cookie =~ m{$::Instance->{CookieName}=($Vend::Cfg->{CookiePattern})};
$seed = $sessionid = $1;
- $::Instance->{ExternalCookie} = $sessionid || 1;
+ if($Vend::Cfg->{InternalCookie}) {
+ $CGI::cookiehost = $4;
+ $CGI::cookieuser = $5;
+ }
+ else {
+ $::Instance->{ExternalCookie} = 1;
+ }
$Vend::CookieID = $Vend::Cookie = 1;
}
- elsif (defined $CGI::cookie and $CGI::cookie =~ /\bMV_SESSION_ID=(\w{8,32})[:_]([-\@.:A-Za-z0-9]+)/) {
+ elsif ( $CGI::cookie
+ and $::Instance->{CookieName} ||= 'MV_SESSION_ID'
+ and $CGI::cookie =~ /\b$::Instance->{CookieName}=(\w{8,32})(?:[:_]|%3[aA])([-\@.:A-Za-z0-9]+)/ ) {
SESSION_COOKIE: {
my $id = $1;
my $host = $2;
if (is_ipv4($host) || is_ipv6($host)) {
- $CGI::cookiehost = $host;
+ $CGI::cookiehost = $host;
}
elsif ($host =~ /[A-Za-z0-9][-\@A-Za-z.0-9]+/) {
- $CGI::cookieuser = $host;
+ $CGI::cookieuser = $host;
}
else {
- last SESSION_COOKIE;
+ last SESSION_COOKIE;
}
$sessionid = $id;
$Vend::CookieID = $Vend::Cookie = 1;
}
}
+#::logDebug("Instance CookieName=$::Instance->{CookieName}, found sessionid=$sessionid cookiehost=$CGI::cookiehost cookieuser=$CGI::cookieuser external=$::Instance->{ExternalCookie}");
Vend::Server::set_process_name("$Vend::Cat $CGI::host $sessionid");
More information about the interchange-cvs
mailing list