Branch: Tag:

2018-01-19

2018-01-19 08:35:35 by Karl Gustav Sterneberg <kg@roxen.com>

Wizards: Different name for RoxenWizardId cookie on http vs https.

If client scheme is https, cookie RoxenHttpsWizardId will be used, else
RoxenHttpWizardId will be used.

This fixes a bug that appeared in WS-135.

[WS-143 / WS-135]

5314:    id->add_response_header ("Set-Cookie", cookie);   }    - string set_wizard_id_cookie(RequestID id) + string get_wizard_id_cookie_name(RequestID id) + { +  bool secure = id->client_scheme && id->client_scheme() == "https"; +  return secure ? "RoxenHttpsWizardId" : "RoxenHttpWizardId"; + } +  + string set_wizard_id_cookie(RequestID id, void|bool update_id)   //! Sets the RoxenWizardId cookie and returns the value of the cookie.   //!   //! @param id   //! @[RequestID] for which to set the cookie.   //! -  + //! @param update_id + //! If true, also updates the RequestID objects cookie map. + //!   //! @returns   //! The value of the cookie.   {    // Set the secure flag on the cookie if accessed over https [WS-135].    // NB: The cookie is used from Javascript, so it can't have    // httponly set. -  string name = "RoxenWizardId"; -  string value = (string)random(0x7fffffff); +  string name = get_wizard_id_cookie_name(id); +  string value = (string) (random(0x7ffffffe) + 1);    int expire_time_delta = 0;    string domain = 0;    string path = "/";
5341:    path,    secure,    httponly); +  if (update_id) { +  id->cookies[name] = value; +  }    return value;   }    -  + string get_wizard_id_cookie(RequestID id) + { +  return id->cookies[get_wizard_id_cookie_name(id)]; + } +    void remove_cookie( RequestID id,    string name,    string value,