https://bugs.internet2.edu/jira/browse/SSPCPP-299
authorcantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Wed, 20 Oct 2010 19:29:24 +0000 (19:29 +0000)
committercantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Wed, 20 Oct 2010 19:29:24 +0000 (19:29 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/branches/REL_2@3349 cb58f699-b61c-0410-a6fe-9272a202ed29

shibsp/impl/StorageServiceSessionCache.cpp

index ca3f50a..8f13d1b 100644 (file)
@@ -106,7 +106,7 @@ namespace shibsp {
             );
         bool matches(
             const Application& app,
-            const xmltooling::HTTPRequest& request,
+            const HTTPRequest& request,
             const saml2md::EntityDescriptor* issuer,
             const saml2::NameID& nameid,
             const set<string>* indexes
@@ -116,10 +116,19 @@ namespace shibsp {
         void remove(const Application& app, const char* key);
         void test();
 
-        string active(const Application& app, const xmltooling::HTTPRequest& request) {
-            pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
-            const char* session_id = request.getCookie(shib_cookie.first.c_str());
-            return (session_id ? session_id : "");
+        string active(const Application& app, const HTTPRequest& request) {
+            if (m_inboundHeader.empty()) {
+                pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
+                const char* session_id = request.getCookie(shib_cookie.first.c_str());
+                return (session_id ? session_id : "");
+            }
+            else {
+                string session_id = request.getHeader(m_inboundHeader.c_str());
+                if (!session_id.empty())
+                    return session_id;
+                const char* p = request.getParameter(m_inboundHeader.c_str());
+                return (p ? p : "");
+            }
         }
 
         Session* find(const Application& app, const HTTPRequest& request, const char* client_addr=nullptr, time_t* timeout=nullptr) {
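Review bot: In the `else` branch of `active()`, when the configured header is absent the session ID is taken from `request.getParameter(m_inboundHeader.c_str())`, so the identifier can arrive in a query string or form body. Session identifiers carried that way tend to end up in access logs, browser history and Referer headers, which the cookie path avoids. Consider making the parameter fallback opt-in, or at least documenting it above the branch, e.g. `// Falls back to a request parameter of the same name; the session ID may then appear in URLs and logs.` The same fallback is repeated in `SSCache::remove` in the last hunk. The enclosing class starts outside this hunk.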
@@ -129,47 +138,8 @@ namespace shibsp {
             return nullptr;
         }
 
-        Session* find(const Application& app, HTTPRequest& request, const char* client_addr=nullptr, time_t* timeout=nullptr) {
-            string id = active(app, request);
-            if (id.empty())
-                return nullptr;
-            try {
-                Session* session = find(app, id.c_str(), client_addr, timeout);
-                if (session)
-                    return session;
-                HTTPResponse* response = dynamic_cast<HTTPResponse*>(&request);
-                if (response) {
-                    pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
-                    string exp(shib_cookie.second);
-                    exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
-                    response->setCookie(shib_cookie.first.c_str(), exp.c_str());
-                }
-            }
-            catch (exception&) {
-                HTTPResponse* response = dynamic_cast<HTTPResponse*>(&request);
-                if (response) {
-                    pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
-                    string exp(shib_cookie.second);
-                    exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
-                    response->setCookie(shib_cookie.first.c_str(), exp.c_str());
-                }
-                throw;
-            }
-            return nullptr;
-        }
-
-        void remove(const Application& app, const HTTPRequest& request, HTTPResponse* response=nullptr) {
-            pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
-            const char* session_id = request.getCookie(shib_cookie.first.c_str());
-            if (session_id && *session_id) {
-                if (response) {
-                    string exp(shib_cookie.second);
-                    exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
-                    response->setCookie(shib_cookie.first.c_str(), exp.c_str());
-                }
-                remove(app, session_id);
-            }
-        }
+        Session* find(const Application& app, HTTPRequest& request, const char* client_addr=nullptr, time_t* timeout=nullptr);
+        void remove(const Application& app, const HTTPRequest& request, HTTPResponse* response=nullptr);
 
         unsigned long getCacheTimeout(const Application& app) {
             // Computes offset for adjusting expiration of sessions.
@@ -203,6 +173,7 @@ namespace shibsp {
 #endif
         const DOMElement* m_root;         // Only valid during initialization
         unsigned long m_inprocTimeout,m_cacheTimeout,m_cacheAllowance;
+        string m_inboundHeader,m_outboundHeader;
 
         // inproc means we buffer sessions in memory
         RWLock* m_lock;
@@ -775,6 +746,8 @@ SSCache::SSCache(const DOMElement* e)
     static const XMLCh cacheAssertions[] =  UNICODE_LITERAL_15(c,a,c,h,e,A,s,s,e,r,t,i,o,n,s);
     static const XMLCh cacheTimeout[] =     UNICODE_LITERAL_12(c,a,c,h,e,T,i,m,e,o,u,t);
     static const XMLCh inprocTimeout[] =    UNICODE_LITERAL_13(i,n,p,r,o,c,T,i,m,e,o,u,t);
+    static const XMLCh inboundHeader[] =    UNICODE_LITERAL_13(i,n,b,o,u,n,d,H,e,a,d,e,r);
+    static const XMLCh outboundHeader[] =   UNICODE_LITERAL_14(o,u,t,b,o,u,n,d,H,e,a,d,e,r);
     static const XMLCh _StorageService[] =  UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e);
     static const XMLCh _StorageServiceLite[] = UNICODE_LITERAL_18(S,t,o,r,a,g,e,S,e,r,v,i,c,e,L,i,t,e);
 
@@ -782,6 +755,8 @@ SSCache::SSCache(const DOMElement* e)
     m_cacheAllowance = XMLHelper::getAttrInt(e, 0, cacheAllowance);
     if (inproc)
         m_inprocTimeout = XMLHelper::getAttrInt(e, 900, inprocTimeout);
+    m_inboundHeader = XMLHelper::getAttrString(e, nullptr, inboundHeader);
+    m_outboundHeader = XMLHelper::getAttrString(e, nullptr, outboundHeader);
 
 #ifndef SHIBSP_LITE
     if (conf.isEnabled(SPConfig::OutOfProcess)) {
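Review bot: `inboundHeader` and `outboundHeader` are read independently here, and nothing visible checks that they are configured together. With only `inboundHeader` set, `insert()` still issues the cookie while `active()` looks only at the header or parameter. With only `outboundHeader` set, the ID is returned in a header but looked up from the cookie. If that mixed mode is not intended, log a warning in the constructor when exactly one of the two is non-empty; if it is intended, a short comment next to these two assignments should say so. The constructor body continues outside the hunk.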
@@ -1127,24 +1102,30 @@ void SSCache::insert(
         xlog->log.info("}");
     }
 
-    time_t cookieLifetime = 0;
-    pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_", &cookieLifetime);
-    string k(key.get());
-    k += shib_cookie.second;
+    if (m_outboundHeader.empty()) {
+        time_t cookieLifetime = 0;
+        pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_", &cookieLifetime);
+        string k(key.get());
+        k += shib_cookie.second;
 
-    if (cookieLifetime > 0) {
-        cookieLifetime += now;
+        if (cookieLifetime > 0) {
+            cookieLifetime += now;
 #ifndef HAVE_GMTIME_R
-        ptime=gmtime(&cookieLifetime);
+            ptime=gmtime(&cookieLifetime);
 #else
-        ptime=gmtime_r(&cookieLifetime,&res);
+            ptime=gmtime_r(&cookieLifetime,&res);
 #endif
-        char cookietimebuf[64];
-        strftime(cookietimebuf,64,"; expires=%a, %d %b %Y %H:%M:%S GMT",ptime);
-        k += cookietimebuf;
-    }
+            char cookietimebuf[64];
+            strftime(cookietimebuf,64,"; expires=%a, %d %b %Y %H:%M:%S GMT",ptime);
+            k += cookietimebuf;
+        }
 
-    httpResponse.setCookie(shib_cookie.first.c_str(), k.c_str());
+        httpResponse.setCookie(shib_cookie.first.c_str(), k.c_str());
+    }
+    else {
+        // Use an arbitrary header to pass back the session ID instead of a cookie.
+        httpResponse.setResponseHeader(m_outboundHeader.c_str(), key.get());
+    }
 }
 
 bool SSCache::matches(
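Review bot: The header branch at the end of `insert()` sends the bare key, so nothing the cookie branch appends (the properties string from `getCookieNameProps` and the optional `expires`) applies in this mode. The existing comment should state that, e.g. `// Header mode: the session ID is returned as-is; cookie properties and cookieLifetime are not applied, so protecting the value is up to the client and the transport.` Whether responses carrying this header also need cache directives depends on the deployment and cannot be judged from the hunk. `insert()` begins outside the hunk.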
@@ -1525,6 +1506,82 @@ Session* SSCache::find(const Application& app, const char* key, const char* clie
     return session;
 }
 
+Session* SSCache::find(const Application& app, HTTPRequest& request, const char* client_addr, time_t* timeout)
+{
+    string id = active(app, request);
+    if (id.empty())
+        return nullptr;
+    try {
+        Session* session = find(app, id.c_str(), client_addr, timeout);
+        if (session)
+            return session;
+        HTTPResponse* response = dynamic_cast<HTTPResponse*>(&request);
+        if (response) {
+            if (m_outboundHeader.empty()) {
+                pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
+                string exp(shib_cookie.second);
+                exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+                response->setCookie(shib_cookie.first.c_str(), exp.c_str());
+            }
+            else {
+                response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+            }
+        }
+    }
+    catch (exception&) {
+        if (m_outboundHeader.empty()) {
+            HTTPResponse* response = dynamic_cast<HTTPResponse*>(&request);
+            if (response) {
+                if (m_outboundHeader.empty()) {
+                    pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
+                    string exp(shib_cookie.second);
+                    exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+                    response->setCookie(shib_cookie.first.c_str(), exp.c_str());
+                }
+                else {
+                    response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+                }
+            }
+        }
+        throw;
+    }
+    return nullptr;
+}
+
+void SSCache::remove(const Application& app, const HTTPRequest& request, HTTPResponse* response)
+{
+    if (m_inboundHeader.empty()) {
+        pair<string,const char*> shib_cookie = app.getCookieNameProps("_shibsession_");
+        const char* session_id = request.getCookie(shib_cookie.first.c_str());
+        if (session_id && *session_id) {
+            if (response) {
+                if (m_outboundHeader.empty()) {
+                    string exp(shib_cookie.second);
+                    exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+                    response->setCookie(shib_cookie.first.c_str(), exp.c_str());
+                }
+                else {
+                    response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+                }
+            }
+            remove(app, session_id);
+        }
+    }
+    else {
+        string session_id = request.getHeader(m_inboundHeader.c_str());
+        if (session_id.empty()) {
+            const char* p = request.getParameter(m_inboundHeader.c_str());
+            if (p)
+                session_id = p;
+        }
+        if (!session_id.empty()) {
+            if (response && !m_outboundHeader.empty())
+                response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+            remove(app, session_id.c_str());
+        }
+    }
+}
+
 void SSCache::remove(const Application& app, const char* key)
 {
 #ifdef _DEBUG
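Review bot: In the `catch` block of the new `SSCache::find`, the outer `if (m_outboundHeader.empty())` wraps an inner test of the same condition, so the inner `else` calling `response->setResponseHeader(m_outboundHeader.c_str(), nullptr)` can never run. In header mode an exception from the lookup therefore leaves the outbound header untouched, unlike the not-found path in the `try` block, which resets it. Dropping the outer `if (m_outboundHeader.empty()) {` and its closing brace makes the two paths agree. The cookie-expiry lines also appear three times in this hunk and could move into one private helper.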