Merge pull request #2964 from cesanta/http-cookie
Use separate cookies for HTTP and HTTPS connections
scaprile authored Nov 22, 2024
2 parents 8ef02aa + b973187 commit b6dc830
Showing 3 changed files with 26 additions and 16 deletions.
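--- a/examples/device-dashboard/net.c
+++ b/examples/device-dashboard/net.c
@@ -77,19 +77,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
 
 static void handle_login(struct mg_connection *c, struct user *u) {
 char cookie[256];
+const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
-"Set-Cookie: access_token=%s; Path=/; "
+"Set-Cookie: %s=%s; Path=/; "
 "%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
-u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
+cookie_name, u->access_token,
+c->is_tls ? "Secure; " : "", 3600 * 24);
 mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 
 static void handle_logout(struct mg_connection *c) {
 char cookie[256];
+const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
-"Set-Cookie: access_token=; Path=/; "
+"Set-Cookie: %s=; Path=/; "
 "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
-"%sHttpOnly; Max-Age=0; \r\n",
+"%sHttpOnly; Max-Age=0; \r\n", cookie_name,
 c->is_tls ? "Secure; " : "");
 mg_http_reply(c, 200, cookie, "true\n");
 }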
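Review bot: Both branches of the new `cookie_name` selection in `handle_login` store the same `u->access_token` value, so the rename alone does not isolate the credential: a token sent in the non-`Secure` `access_token` cookie over plain HTTP is, as far as this hunk shows, the same one the `secure_access_token` cookie carries. `authenticate()` appears only in the hunk header and is not changed in this section, so it is also not visible which of the two names it accepts on a TLS connection; that should be confirmed. I would document the intent next to the selection, e.g. `/* name differs per transport; the token value does not, so plain-HTTP logins still expose it */`, or issue a transport-specific token if isolation is the goal. The same applies to the matching hunks in examples/wifi-router-dashboard/net.c and reference-projects/windows-macos-linux/web-ui-dashboard/net.c.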
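--- a/examples/wifi-router-dashboard/net.c
+++ b/examples/wifi-router-dashboard/net.c
@@ -156,19 +156,23 @@ static struct user *authenticate(struct mg_http_message *hm) {
 
 static void handle_login(struct mg_connection *c, struct user *u) {
 char cookie[256];
+const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
-"Set-Cookie: access_token=%s;Path=/;"
-"HttpOnly;SameSite=Lax;Max-Age=%d\r\n",
-u->access_token, 3600 * 24);
+"Set-Cookie: %s=%s;Path=/;"
+"%sHttpOnly;SameSite=Lax;Max-Age=%d\r\n", cookie_name,
+u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
 mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 
 static void handle_logout(struct mg_connection *c) {
-mg_http_reply(c, 200,
-"Set-Cookie: access_token=; Path=/; "
-"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
-"Secure; HttpOnly; Max-Age=0; \r\n",
-"true\n");
+char cookie[256];
+const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
+mg_snprintf(cookie, sizeof(cookie),
+"Set-Cookie: %s=; Path=/; "
+"Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
+"%sHttpOnly; Max-Age=0; \r\n", cookie_name,
+c->is_tls ? "Secure; " : "");
+mg_http_reply(c, 200, cookie, "true\n");
 }
 
 static void handle_debug(struct mg_connection *c, struct mg_http_message *hm) {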
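Review bot: The return value of `mg_snprintf` in `handle_login` is discarded, so a formatted header longer than `cookie[256]` would be cut short and handed to `mg_http_reply` without its closing `\r\n` and without the trailing `HttpOnly`/`SameSite` attributes. The length of `u->access_token` is not visible in this hunk, and the longer `secure_access_token` name plus the newly added `Secure; ` reduce the room left for it. Assuming `mg_snprintf` reports the untruncated length as `snprintf` does, keeping the result and bailing out would cover it: `size_t n = mg_snprintf(cookie, sizeof(cookie), ...);` followed by `if (n >= sizeof(cookie)) { mg_http_reply(c, 500, "", "cookie too long\n"); return; }`. The `handle_login` bodies in the other two files follow the same pattern.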
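--- a/reference-projects/windows-macos-linux/web-ui-dashboard/net.c
+++ b/reference-projects/windows-macos-linux/web-ui-dashboard/net.c
@@ -78,19 +78,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
 
 static void handle_login(struct mg_connection *c, struct user *u) {
 char cookie[256];
+const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
-"Set-Cookie: access_token=%s; Path=/; "
+"Set-Cookie: %s=%s; Path=/; "
 "%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
-u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
+cookie_name, u->access_token,
+c->is_tls ? "Secure; " : "", 3600 * 24);
 mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 
 static void handle_logout(struct mg_connection *c) {
 char cookie[256];
+const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
 mg_snprintf(cookie, sizeof(cookie),
-"Set-Cookie: access_token=; Path=/; "
+"Set-Cookie: %s=; Path=/; "
 "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
-"%sHttpOnly; Max-Age=0; \r\n",
+"%sHttpOnly; Max-Age=0; \r\n", cookie_name,
 c->is_tls ? "Secure; " : "");
 mg_http_reply(c, 200, cookie, "true\n");
 }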
