Branch: Tag:

2018-01-19

2018-01-19 08:35:35 by Karl Gustav Sterneberg <kg@roxen.com>

Wizards: Different name for RoxenWizardId cookie on http vs https.

If client scheme is https, cookie RoxenHttpsWizardId will be used, else
RoxenHttpWizardId will be used.

This fixes a bug that appeared in WS-135.

[WS-143 / WS-135]

729:    compress_state(id->real_variables)+"\" />\n";   #endif    -  string wizard_id = id->cookies["RoxenWizardId"]; +  string wizard_id = Roxen.get_wizard_id_cookie(id);    res = ("\n<!--Wizard-->\n"    "<form " + method + ">\n"    "<input type=\"hidden\" name=\"_roxen_wizard_id\" value=\"" +
915:       int current_page = (int) v->_page;    -  string wizard_id = id->cookies["RoxenWizardId"]; +  string wizard_id = Roxen.get_wizard_id_cookie(id);    if (!sizeof(wizard_id || "")) {    // Create a new cookie.    // Set the secure flag on the cookie if accessed over https [WS-135].    // NB: The cookie is used from Javascript, so it can't have    // httponly set. -  wizard_id = Roxen.set_wizard_id_cookie(id); -  id->cookies["RoxenWizardId"] = wizard_id; +  wizard_id = Roxen.set_wizard_id_cookie(id, true);    DEBUGMSG(sprintf("Wizard: Generated new wizard_id: %s\n", wizard_id));    }    if (wizard_id != id->variables["_roxen_wizard_id"]) {