Use alphanumeric name for session cookie to help restricted clients. (#…

…98) * Use alphanumeric name for session cookie to help restricted clients. * Singular session dammit.
cvicente · Jan 8, 2018 · 691c431 · 691c431
1 parent 1fefa4d
commit 691c431
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 0 deletions.
diff --git a/etc/netdot_apache24_local.conf b/etc/netdot_apache24_local.conf
@@ -94,6 +94,10 @@ PerlSetVar NetdotTemporarySessionExpires +2h
 # Apache 2.4 Authorization
 PerlAddAuthzProvider user Apache2::SiteControl->authz_handler
 
+# Setting the cookie name here to prevent RFC 6265 compliant clients
+# from choking on the the default. See Apache2::AuthCookie::Base->cookie_name
+PerlSetVar NetdotCookieName NetdotSession
+
 <Directory <<Make:PREFIX>>/htdocs/>
    # Other applications may have attempted to override how .html files are
    # interpreted.  We need to reset this so that HTML::Mason can work 

diff --git a/etc/netdot_apache2_krb5.conf b/etc/netdot_apache2_krb5.conf
@@ -89,6 +89,10 @@ PerlSetVar NetdotCache 1
 # NetdotExpires in a typical AuthCookie setup.
 PerlSetVar NetdotTemporarySessionExpires +2h
 
+# Setting the cookie name here to prevent RFC 6265 compliant clients
+# from choking on the the default. See Apache2::AuthCookie::Base->cookie_name
+PerlSetVar NetdotCookieName NetdotSession
+
 <Directory /usr/local/netdot/htdocs/>
    Order Deny,Allow
    Allow from all

diff --git a/etc/netdot_apache2_ldap.conf b/etc/netdot_apache2_ldap.conf
@@ -90,6 +90,10 @@ PerlSetVar NetdotCache 1
 # NetdotExpires in a typical AuthCookie setup.
 PerlSetVar NetdotTemporarySessionExpires +2h
 
+# Setting the cookie name here to prevent RFC 6265 compliant clients
+# from choking on the the default. See Apache2::AuthCookie::Base->cookie_name
+PerlSetVar NetdotCookieName NetdotSession
+
 <Directory <<Make:PREFIX>>/htdocs/>
    Order Deny,Allow
    Allow from all

diff --git a/etc/netdot_apache2_local.conf b/etc/netdot_apache2_local.conf
@@ -90,6 +90,10 @@ PerlSetVar NetdotCache 1
 # NetdotExpires in a typical AuthCookie setup.
 PerlSetVar NetdotTemporarySessionExpires +2h
 
+# Setting the cookie name here to prevent RFC 6265 compliant clients
+# from choking on the the default. See Apache2::AuthCookie::Base->cookie_name
+PerlSetVar NetdotCookieName NetdotSession
+
 <Directory <<Make:PREFIX>>/htdocs/>
    Order Deny,Allow
    Allow from all

diff --git a/etc/netdot_apache2_radius.conf b/etc/netdot_apache2_radius.conf
@@ -89,6 +89,10 @@ PerlSetVar NetdotCache 1
 # NetdotExpires in a typical AuthCookie setup.
 PerlSetVar NetdotTemporarySessionExpires +2h
 
+# Setting the cookie name here to prevent RFC 6265 compliant clients
+# from choking on the the default. See Apache2::AuthCookie::Base->cookie_name
+PerlSetVar NetdotCookieName NetdotSession
+
 <Directory <<Make:PREFIX>>/htdocs/>
    Order Deny,Allow
    Allow from all