#!/bin/sh
+# Copyright 2018 - 2022 Paul Hänsch
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
[ -n "$include_session" ] && return 0
include_session="$0"
-_DATE="$(date +%s)"
+export _DATE="$(date +%s)"
SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
if ! which uuencode >/dev/null; then
update_session(){
local session sid time sig checksig
+ unset SESSION_KEY SESSION_ID
read -r sid time sig <<-END
$(POST session_key || COOKIE session)
checksig="$(session_mac "$sid" "$time")"
- if ! [ "$checksig" = "$sig" \
- -a "$time" -ge "$_DATE" \
- -a "$(printf %s "$sid" |checkid)" ] 2>&-
+ if [ "$checksig" = "$sig" \
+ -a "$time" -ge "$_DATE" \
+ -a "$(checkid "$sid")" ] 2>&-
then
- debug "Setting up new session"
- sid="$(randomid)"
+ time=$(( $_DATE + $SESSION_TIMEOUT ))
+ sig="$(session_mac "$sid" "$time")"
+
+ SESSION_KEY="${sid} ${time} ${sig}"
+ SESSION_ID="${sid}"
+ return 0
+ else
+ return 1
fi
+}
+
+new_session(){
+ local sid time sig
+
+ debug "Setting up new session"
+ sid="$(randomid)"
time=$(( $_DATE + $SESSION_TIMEOUT ))
sig="$(session_mac "$sid" "$time")"
- printf %s\\n "${sid} ${time} ${sig}"
+
+ SESSION_KEY="${sid} ${time} ${sig}"
+ SESSION_ID="${sid}"
}
SESSION_BIND() {
# Set tamper-proof authenticated cookie
local key="$1" value="$2"
- SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
+ SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" Path="/${_BASE#/}" SameSite=Strict HttpOnly
}
SESSION_VAR() {
fi
}
-SESSION_KEY="$(update_session)"
-SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_KEY%% *}"
+SESSION_COOKIE() {
+ [ "$1" = new ] && new_session
+ SET_COOKIE 0 session="$SESSION_KEY" Path="/${_BASE#/}" SameSite=Strict HttpOnly
+}
+
+update_session || new_session