/*
 * save the session to the cache using a cookie for the index
 *
 * The formatted session uuid is used both as the value of the session cookie
 * and as the key of the cache entry, so the cookie value alone selects the
 * server-side session. An empty or missing encoded session clears the cookie
 * and overwrites the cache entry with NULL. Always returns APR_SUCCESS.
 */
static apr_status_t oidc_session_save_cache(request_rec *r, session_rec *z) {
	oidc_cfg *cfg = ap_get_module_config(r->server->module_config,
			&auth_openidc_module);
	oidc_dir_cfg *dir_cfg = ap_get_module_config(r->per_dir_config,
			&auth_openidc_module);
	char cache_key[APR_UUID_FORMATTED_LENGTH + 1];
	const int has_payload = (z->encoded && z->encoded[0]);

	/* render the binary uuid as the string shared by the cookie and the cache */
	apr_uuid_format(cache_key, z->uuid);

	if (!has_payload) {
		/* clear the cookie */
		oidc_util_set_cookie(r, dir_cfg->cookie, "", 0);
		/* remove the session from the cache */
		cfg->cache->set(r, OIDC_CACHE_SECTION_SESSION, cache_key, NULL, 0);
		return APR_SUCCESS;
	}

	/*
	 * NOTE(review): the cookie is sent before the cache write and the result
	 * of cache->set is not inspected, so a failed store still hands the
	 * browser a session id and reports success to the caller.
	 */

	/* set the uuid in the cookie */
	oidc_util_set_cookie(r, dir_cfg->cookie, cache_key, -1);
	/* store the string-encoded session in the cache */
	cfg->cache->set(r, OIDC_CACHE_SECTION_SESSION, cache_key, z->encoded,
			z->expiry);

	return APR_SUCCESS;
}
/*
 * save the session to the cache using a cookie for the index
 *
 * With session state present, the session is encoded and written to the
 * cache under z->uuid, and the session cookie is set only after that write
 * reported TRUE. Without state, the cookie is cleared and the cache entry is
 * overwritten with NULL.
 *
 * Returns FALSE when encoding fails, otherwise the result of the cache write.
 */
static apr_byte_t oidc_session_save_cache(request_rec *r, oidc_session_t *z,
		apr_byte_t first_time) {
	oidc_cfg *cfg = ap_get_module_config(r->server->module_config,
			&auth_openidc_module);
	char *encoded = NULL;
	apr_byte_t stored = TRUE;

	if (z->state == NULL) {
		/* clear the cookie */
		oidc_util_set_cookie(r, oidc_cfg_dir_cookie(r), "", 0, NULL);
		/*
		 * remove the session from the cache
		 * NOTE(review): z->uuid may still be empty on this path - confirm
		 * how the cache layer treats an empty key
		 */
		return oidc_cache_set_session(r, z->uuid, NULL, 0);
	}

	if (apr_strnatcmp(z->uuid, "") == 0) {
		/* get a new uuid for this session */
		oidc_session_uuid_new(r, z);
		/* keep the session id inside the cached value so that a cache entry
		 * returned for the wrong key can be detected */
		oidc_session_set(r, z, OIDC_SESSION_SESSION_ID, z->uuid);
	}

	/* string-encode the session; encryption depends on cache backend settings */
	if (oidc_session_encode(r, cfg, z, &encoded, FALSE) == FALSE)
		return FALSE;

	stored = oidc_cache_set_session(r, z->uuid, encoded, z->expiry);
	if (stored != TRUE)
		return stored;

	/*
	 * set the uuid in the cookie, only now that the cache holds the session;
	 * the cookie carries an expiry only for persistent session cookies, and
	 * with SameSite enabled it is Lax when first_time is set and Strict
	 * otherwise (presumably because the first response follows a cross-site
	 * redirect from the provider - confirm against the caller)
	 */
	oidc_util_set_cookie(r, oidc_cfg_dir_cookie(r), z->uuid,
			cfg->persistent_session_cookie ? z->expiry : -1,
			cfg->cookie_same_site ?
					(first_time ?
							OIDC_COOKIE_EXT_SAME_SITE_LAX :
							OIDC_COOKIE_EXT_SAME_SITE_STRICT) :
					NULL);

	return stored;
}
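/*
 * save the session in the session cookie itself
 *
 * A non-empty encoded session is encrypted and base64url-encoded, then used
 * as the cookie value; an empty session writes an empty cookie value.
 *
 * Returns APR_SUCCESS once the cookie is set, or APR_EGENERAL when the
 * encrypt/encode step fails, in which case no cookie is written.
 */
static apr_status_t oidc_session_save_cookie(request_rec *r, session_rec *z) {
	oidc_dir_cfg *d = ap_get_module_config(r->per_dir_config,
			&auth_openidc_module);
	char *cookieValue = "";

	if (z->encoded && z->encoded[0]) {
		/*
		 * The cookie is the only copy of the session, so a failed
		 * encrypt/encode step must not be turned into a cookie: stop here
		 * instead of sending whatever cookieValue holds after the failure.
		 * A result <= 0 is treated as failure.
		 */
		if (oidc_encrypt_base64url_encode_string(r, &cookieValue,
				z->encoded) <= 0)
			return APR_EGENERAL;
	}

	oidc_util_set_cookie(r, d->cookie, cookieValue, -1);

	return APR_SUCCESS;
}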
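/*
 * load the session from the cache using the cookie as the index
 *
 * The cookie value is supplied by the client and is used as the cache key.
 * The cached value is decoded into z, and the session id stored inside it is
 * compared with the requested id to detect cache corruption.
 *
 * Returns FALSE when there is no session cookie, when the cookie value does
 * not fit z->uuid, or when the stored and requested session ids differ; in
 * the last two cases the cookie, the cache entry and the session are
 * cleared. Otherwise returns the result of the cache lookup or the decode
 * step.
 */
static apr_byte_t oidc_session_load_cache(request_rec *r, oidc_session_t *z) {
	oidc_cfg *c = ap_get_module_config(r->server->module_config,
			&auth_openidc_module);
	const char *stored_uuid = NULL;
	char *s_json = NULL;
	apr_byte_t rc = FALSE;

	/* get the cookie that should be our uuid/key */
	char *uuid = oidc_util_get_cookie(r, oidc_cfg_dir_cookie(r));
	if (uuid == NULL)
		return FALSE;

	/* get the string-encoded session from the cache based on the key;
	 * decryption is based on the cache backend config */
	rc = oidc_cache_get_session(r, uuid, &s_json);
	if ((rc != TRUE) || (s_json == NULL))
		return rc;

	rc = oidc_session_decode(r, c, z, s_json, FALSE);
	if (rc != TRUE)
		return rc;

	/*
	 * Bound the copy by the destination, not by the length of the
	 * client-supplied string, and copy the terminator with it.
	 * NOTE(review): sizeof assumes z->uuid is a fixed-size char array in
	 * oidc_session_t - confirm; with a pointer member this bound is wrong.
	 */
	size_t uuid_len = strlen(uuid);
	if (uuid_len >= sizeof(z->uuid)) {
		oidc_error(r,
				"session id from the cookie does not fit the session uuid buffer: discarding the session");
	} else {
		memcpy(z->uuid, uuid, uuid_len + 1);

		/* compare the session id in the cache value so it allows us to
		 * detect cache corruption */
		oidc_session_get(r, z, OIDC_SESSION_SESSION_ID, &stored_uuid);
		if ((stored_uuid != NULL) && (apr_strnatcmp(stored_uuid, uuid) == 0))
			return TRUE;

		/* NOTE(review): this writes both session ids to the error log;
		 * handle that log as sensitive data */
		oidc_error(r,
				"cache corruption detected: stored session id (%s) is not equal to requested session id (%s)",
				stored_uuid, uuid);
	}

	/* delete the session cookie */
	oidc_util_set_cookie(r, oidc_cfg_dir_cookie(r), "", 0, NULL);
	/* delete the cache entry; uuid is the key that was just looked up */
	(void) oidc_cache_set_session(r, uuid, NULL, 0);
	/* clear the session */
	oidc_session_clear(r, z);

	return FALSE;
}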
/*
 * save the session in the session cookie itself
 *
 * A non-empty encoded session is encrypted and base64url-encoded before it
 * becomes the cookie value; an empty session writes an empty cookie value.
 * The cookie carries the session expiry only when persistent session cookies
 * are configured, and -1 otherwise.
 *
 * Returns APR_EGENERAL, without setting a cookie, when the encrypt/encode
 * step reports a result <= 0; APR_SUCCESS otherwise.
 */
static apr_status_t oidc_session_save_cookie(request_rec *r, session_rec *z) {
	oidc_cfg *cfg = ap_get_module_config(r->server->module_config,
			&auth_openidc_module);
	oidc_dir_cfg *dir_cfg = ap_get_module_config(r->per_dir_config,
			&auth_openidc_module);
	char *payload = "";

	/* only a non-empty session is encrypted; a failure aborts the save */
	if (z->encoded && z->encoded[0]
			&& oidc_encrypt_base64url_encode_string(r, &payload,
					z->encoded) <= 0) {
		oidc_error(r, "oidc_encrypt_base64url_encode_string failed");
		return APR_EGENERAL;
	}

	oidc_util_set_cookie(r, dir_cfg->cookie, payload,
			cfg->persistent_session_cookie ? z->expiry : -1);

	return APR_SUCCESS;
}