Skip to content
Browse files

Interchange since 5.0 has not allowed setting CookieName while retaining

the standard CoOkIe:1.1.1.1 pattern. Also, PHP setcookie routine URLencodes
cookie values, so the %3a that : is moved to defeats our patterns.

So, this commit does three things.

* Change cookie handling so that setting a CookieName doesn't affect the
  addition of host/username as long as the InternalCookie directive
  is set to Yes.

* Add InternalCookie directive to indicate that a custom CookieName
  should have internal handling.  (A YesNo directive).

* Treat %3a as equivlent to : for cookie matching when in
  InternalCookie mode.

So, to change the CookieName for sessions from MV_SESSION_ID
to MVID without changing external cookie behavior, do in
catalog.cfg:

    CookieName      MVID
    InternalCookie  Yes

If you don't set InternalCookie Yes, it will have the old ExternalCookie
behavior where the session file is solely based on what is found
in $Vend::Cfg->{CookiePattern}.

If you don't change the CookieName from MV_SESSION_ID (assuming you
don't explicitly set to that in catalog.cfg) then "InternalCookie Yes"
is implied.
  • Loading branch information...
1 parent 3394657 commit 415be046b4e834fc777be7bde716ef32335b948c Mike Heins committed Feb 9, 2014
Showing with 16 additions and 6 deletions.
  1. +1 −0 lib/Vend/Config.pm
  2. +15 −6 lib/Vend/Dispatch.pm
View
1 lib/Vend/Config.pm
@@ -655,6 +655,7 @@ sub catalog_directives {
['CookiePattern', 'regex', '[-\w:.]+'],
['CookieLogin', 'yesno', 'No'],
['CookieDomain', undef, ''],
+ ['InternalCookie', 'yesno', 'No'], ## Allows CookieName to be change yet still handle IP address in cookie
['MasterHost', undef, ''],
['UserTag', 'tag', ''],
['CodeDef', 'mapped_code', ''],
View
21 lib/Vend/Dispatch.pm
@@ -1275,30 +1275,39 @@ sub dispatch {
elsif ($sessionid and $CGI::values{mv_force_session}) {
# do nothing
}
- elsif ($::Instance->{CookieName} and defined $CGI::cookie) {
+ elsif ($::Instance->{CookieName} and ! $Vend::Cfg->{InternalCookie} and $CGI::cookie) {
$CGI::cookie =~ m{$::Instance->{CookieName}=($Vend::Cfg->{CookiePattern})};
$seed = $sessionid = $1;
- $::Instance->{ExternalCookie} = $sessionid || 1;
+ if($Vend::Cfg->{InternalCookie}) {
+ $CGI::cookiehost = $4;
+ $CGI::cookieuser = $5;
+ }
+ else {
+ $::Instance->{ExternalCookie} = 1;
+ }
$Vend::CookieID = $Vend::Cookie = 1;
}
- elsif (defined $CGI::cookie and $CGI::cookie =~ /\bMV_SESSION_ID=(\w{8,32})[:_]([-\@.:A-Za-z0-9]+)/) {
+ elsif ( $CGI::cookie
+ and $::Instance->{CookieName} ||= 'MV_SESSION_ID'
+ and $CGI::cookie =~ /\b$::Instance->{CookieName}=(\w{8,32})(?:[:_]|%3[aA])([-\@.:A-Za-z0-9]+)/ ) {
SESSION_COOKIE: {
my $id = $1;
my $host = $2;
if (is_ipv4($host) || is_ipv6($host)) {
- $CGI::cookiehost = $host;
+ $CGI::cookiehost = $host;
}
elsif ($host =~ /[A-Za-z0-9][-\@A-Za-z.0-9]+/) {
- $CGI::cookieuser = $host;
+ $CGI::cookieuser = $host;
}
else {
- last SESSION_COOKIE;
+ last SESSION_COOKIE;
}
$sessionid = $id;
$Vend::CookieID = $Vend::Cookie = 1;
}
}
+#::logDebug("Instance CookieName=$::Instance->{CookieName}, found sessionid=$sessionid cookiehost=$CGI::cookiehost cookieuser=$CGI::cookieuser external=$::Instance->{ExternalCookie}");
Vend::Server::set_process_name("$Vend::Cat $CGI::host $sessionid");

0 comments on commit 415be04

Please sign in to comment.
Something went wrong with that request. Please try again.