]> git.plutz.net Git - cgilite/commitdiff
function new_session to force session update, limit session cookies to _BASE path
authorPaul Hänsch <paul@plutz.net>
Wed, 15 Sep 2021 23:57:47 +0000 (01:57 +0200)
committerPaul Hänsch <paul@plutz.net>
Wed, 15 Sep 2021 23:57:47 +0000 (01:57 +0200)
session.sh

index 5b36ae032af4e818af91d4b73190a9f83614da15..8fb623639c14b372c7c88b98695b8edca24b1943 100755 (executable)
@@ -75,6 +75,7 @@ checkid(){ { [ $# -gt 0 ] && printf %s "$*" || cat; } | grep -m 1 -xE '[0-9a-zA-
 
 update_session(){
   local session sid time sig checksig
 
 update_session(){
   local session sid time sig checksig
+  unset SESSION_KEY SESSION_ID
 
   read -r sid time sig <<-END
        $(POST session_key || COOKIE session)
 
   read -r sid time sig <<-END
        $(POST session_key || COOKIE session)
@@ -82,23 +83,38 @@ update_session(){
   
   checksig="$(session_mac "$sid" "$time")"
   
   
   checksig="$(session_mac "$sid" "$time")"
   
-  if [ "$checksig" = "$sig" \
-    -a "$time" -ge "$_DATE" \
-    -a "$(printf %s "$sid" |checkid)" ] 2>&-
+  if [ "$checksig" = "$sig" \
+       -a "$time" -ge "$_DATE" \
+       -a "$(checkid "$sid")" ] 2>&-
   then
   then
-    debug "Setting up new session"
-    sid="$(randomid)"
+    time=$(( $_DATE + $SESSION_TIMEOUT ))
+    sig="$(session_mac "$sid" "$time")"
+
+    SESSION_KEY="${sid} ${time} ${sig}"
+    SESSION_ID="${sid}"
+    return 0
+  else
+    return 1
   fi
 
   fi
 
+}
+
+new_session(){
+  local sid time sig
+
+  debug "Setting up new session"
+  sid="$(randomid)"
   time=$(( $_DATE + $SESSION_TIMEOUT ))
   sig="$(session_mac "$sid" "$time")"
   time=$(( $_DATE + $SESSION_TIMEOUT ))
   sig="$(session_mac "$sid" "$time")"
-  printf %s\\n "${sid} ${time} ${sig}"
+
+  SESSION_KEY="${sid} ${time} ${sig}"
+  SESSION_ID="${sid}"
 }
 
 SESSION_BIND() {
   # Set tamper-proof authenticated cookie
   local key="$1" value="$2"
 }
 
 SESSION_BIND() {
   # Set tamper-proof authenticated cookie
   local key="$1" value="$2"
-  SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
+  SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" Path="/${_BASE#/}" SameSite=Strict HttpOnly
 }
 
 SESSION_VAR() {
 }
 
 SESSION_VAR() {
@@ -115,10 +131,10 @@ SESSION_VAR() {
 }
 
 SESSION_COOKIE() {
 }
 
 SESSION_COOKIE() {
-  SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+  [ "$1" = new ] && new_session
+  SET_COOKIE 0 session="$SESSION_KEY" Path="/${_BASE#/}" SameSite=Strict HttpOnly
 }
 
 }
 
-SESSION_KEY="$(update_session)"
-SESSION_ID="${SESSION_KEY%% *}"
+update_session || new_session
 
 [ "$1" = nocookie ] || SESSION_COOKIE
 
 [ "$1" = nocookie ] || SESSION_COOKIE