Reset the cookie session before Mojolicious saves it. #2731

Open
wants to merge 1 commit into
base: WeBWorK-2.20
4 changes: 4 additions & 0 deletions lib/WeBWorK/Authen.pm
Expand Up @@ -844,6 +844,10 @@ sub store_session {
}
}

# The session parameters need to be set again, because another request may have occured during this
# request in which case the session parameters for the app will now be set for that request.
$self->{c}->setSessionParams;

return;
}

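Review bot: The `$self->{c}->setSessionParams;` call added before `return;` shrinks the race described in the comment but does not remove it. The parameters still live on the app-wide sessions object, so any request that runs between this call and the point where the cookie is actually written can overwrite them again, and the cookie would then go out under another course's cookie name, path, or Secure/SameSite settings. State in the comment what guarantees that nothing yields between `store_session` returning and the save, or pass the values per request instead of through shared state. Also, "occured" in the new comment should be "occurred".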
33 changes: 19 additions & 14 deletions lib/WeBWorK/Controller.pm
Expand Up @@ -45,6 +45,24 @@ sub param ($c, @opts) {
return wantarray ? @{ $c->{paramcache}{$name} } : $c->{paramcache}{$name}[0];
}

sub setSessionParams ($c) {
$c->app->sessions->cookie_name(
$c->stash('courseID') ? 'WeBWorKCourseSession.' . $c->stash('courseID') : 'WeBWorKGeneralSession');

# If the hostname is 'localhost' or '127.0.0.1', then the cookie domain must be omitted.
my $hostname = $c->req->url->to_abs->host;
$c->app->sessions->cookie_domain($hostname) if $hostname ne 'localhost' && $hostname ne '127.0.0.1';

$c->app->sessions->cookie_path($c->ce->{webworkURLRoot});
$c->app->sessions->secure($c->ce->{CookieSecure});

# If this is a session for LTI content selection, then always use SameSite None. Otherwise cookies will not be
# sent since this is in an iframe embedded in the LMS.
$c->app->sessions->samesite($c->stash->{isContentSelection} ? 'None' : $c->ce->{CookieSameSite});

return;
}

# Override the Mojolicious::Controller session method to set the cookie parameters
# from the course environment the first time it is called.
sub session ($c, @args) {
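Review bot: `setSessionParams` has no comment of its own saying that it writes to `$c->app->sessions`, which is shared by every request, so nothing tells a future caller that the values are only valid until another request runs and must be re-applied before the session is read or saved. Add that as a header comment on the sub. A second point in the same sub: `samesite` is forced to 'None' when `isContentSelection` is set, while `secure` is taken independently from `$c->ce->{CookieSecure}`. Browsers reject SameSite=None cookies that lack the Secure attribute, so consider forcing `secure(1)` in the content selection case or failing loudly when `CookieSecure` is false.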
Expand All @@ -53,20 +71,7 @@ sub session ($c, @args) {
# Initialize the cookie session the first time this is called.
unless ($c->stash->{'webwork2.cookie_session_initialized'}) {
$c->stash->{'webwork2.cookie_session_initialized'} = 1;

$c->app->sessions->cookie_name(
$c->stash('courseID') ? 'WeBWorKCourseSession.' . $c->stash('courseID') : 'WeBWorKGeneralSession');

# If the hostname is 'localhost' or '127.0.0.1', then the cookie domain must be omitted.
my $hostname = $c->req->url->to_abs->host;
$c->app->sessions->cookie_domain($hostname) if $hostname ne 'localhost' && $hostname ne '127.0.0.1';

$c->app->sessions->cookie_path($c->ce->{webworkURLRoot});
$c->app->sessions->secure($c->ce->{CookieSecure});

# If this is a session for LTI content selection, then always use SameSite None. Otherwise cookies will not be
# sent since this is in an iframe embedded in the LMS.
$c->app->sessions->samesite($c->stash->{isContentSelection} ? 'None' : $c->ce->{CookieSameSite});
$c->setSessionParams;
}

return $c->SUPER::session(@args);
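Review bot: The comment `# Initialize the cookie session the first time this is called.` and the `webwork2.cookie_session_initialized` guard now describe only one of the two call sites of `setSessionParams`, since `store_session` in lib/WeBWorK/Authen.pm calls it again. Update the comment here (and the one above `sub session`) to say that the parameters set on first use can be overwritten by a concurrent request and are re-applied in `store_session`, so the guard is not read as a guarantee that they stay correct for the whole request.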