-rw-r--r-- | include/local-def.h | 2 | ||||
-rw-r--r-- | src/rest-api.c | 2 | ||||
-rw-r--r-- | src/session.c | 4 |
3 files changed, 5 insertions, 3 deletions
diff --git a/include/local-def.h b/include/local-def.h
index 01f10626..0bf0294d 100644
--- a/include/local-def.h
+++ b/include/local-def.h
@@ -54,7 +54,7 @@
 #define MAGIC_DB "/usr/share/misc/magic.mgc"
 #define OPA_INDEX "index.html"
 #define MAX_ALIAS 10 // max number of aliases
-#define COOKIE_NAME "AJB_session"
+#define COOKIE_NAME "afb-session"
 #define DEFLT_CNTX_TIMEOUT 3600 // default Client Connection Timeout
diff --git a/src/rest-api.c b/src/rest-api.c
index c85fbea1..b83e8932 100644
--- a/src/rest-api.c
+++ b/src/rest-api.c
@@ -514,7 +514,7 @@ ProcessApiCall:
 // client did not pass token on URI let's use cookies
 if ((!request->restfull) && (request->context != NULL)) {
 char cookie[256];
- snprintf (cookie, sizeof (cookie), "%s=%s;path=%s;max-age=%d", COOKIE_NAME, request->uuid, request->config->rootapi,request->config->cntxTimeout);
+ snprintf (cookie, sizeof (cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi,request->config->cntxTimeout);
 MHD_add_response_header (webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
 }
diff --git a/src/session.c b/src/session.c
index 9e25c27f..481e04c7 100644
--- a/src/session.c
+++ b/src/session.c
@@ -449,8 +449,10 @@ PUBLIC AFB_clientCtx *ctxClientGet (AFB_request *request, int idx) {
 // if UUID in query we're restfull with no cookies otherwise check for cookie
 if (uuid != NULL) request->restfull = TRUE;
 else {
+ char cookie[64];
 request->restfull = FALSE;
- uuid = MHD_lookup_connection_value (request->connection, MHD_COOKIE_KIND, COOKIE_NAME);
+ snprintf(cookie, sizeof cookie, "%s-%d", COOKIE_NAME, request->config->httpdPort);
+ uuid = MHD_lookup_connection_value (request->connection, MHD_COOKIE_KIND, cookie);
 };
 // Warning when no cookie defined MHD_lookup_connection_value may return something !!! |
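Review bot: The return value of the new `snprintf` in the src/rest-api.c hunk is not checked, and `HttpOnly` now sits at the very end of the string, so a long `request->uuid` or `request->config->rootapi` that overflows `cookie[256]` would silently cut off the attribute this commit adds while the header is still sent. I would keep the result, `int n = snprintf (cookie, sizeof (cookie), ...);`, and only send on a complete write: `if (n > 0 && (size_t) n < sizeof (cookie)) MHD_add_response_header (webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);`. The cookie also carries no `SameSite` attribute, and no `Secure` attribute for deployments served over TLS; whether the daemon is ever reached over HTTPS is not visible here. The enclosing function starts and ends outside the hunk.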
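Review bot: The cookie-name format `"%s-%d"` built in the src/session.c hunk is a second copy of the one embedded in the Set-Cookie string in src/rest-api.c; if the two ever drift, the lookup misses and, presumably, every cookie-based request is treated as having no session. A single definition in include/local-def.h used by both sites would remove that risk, for example (name is only a suggestion) `#define COOKIE_NAME_FMT COOKIE_NAME "-%d"`. A short comment next to it would also help: `// cookies are not isolated by port; the suffix only avoids name clashes between daemons on one host`, because the suffix does not keep another service on the same host from receiving or overwriting this cookie. The value read back into `uuid` is client-controlled, and its validation, like the start and end of ctxClientGet, lies outside the hunk.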