CSmartPtr<CWebSession> CWebSock::GetSession() {
if (!m_spSession.IsNull()) {
return m_spSession;
}
const CString sCookieSessionId = GetRequestCookie("SessionId");
CSmartPtr<CWebSession> *pSession = Sessions.m_mspSessions.GetItem(sCookieSessionId);
if (pSession != NULL) {
// Refresh the timeout
Sessions.m_mspSessions.AddItem((*pSession)->GetId(), *pSession);
(*pSession)->UpdateLastActive();
m_spSession = *pSession;
DEBUG("Found existing session from cookie: [" + sCookieSessionId + "] IsLoggedIn(" + CString((*pSession)->IsLoggedIn() ? "true" : "false") + ")");
return *pSession;
}
if (Sessions.m_mIPSessions.count(GetRemoteIP()) > m_uiMaxSessions) {
pair<mIPSessionsIterator, mIPSessionsIterator> p =
Sessions.m_mIPSessions.equal_range(GetRemoteIP());
mIPSessionsIterator it = std::min_element(p.first, p.second, compareLastActive);
DEBUG("Remote IP: " << GetRemoteIP() << "; discarding session [" << it->second->GetId() << "]");
Sessions.m_mspSessions.RemItem(it->second->GetId());
}
CString sSessionID;
do {
sSessionID = CString::RandomString(32);
sSessionID += ":" + GetRemoteIP() + ":" + CString(GetRemotePort());
sSessionID += ":" + GetLocalIP() + ":" + CString(GetLocalPort());
sSessionID += ":" + CString(time(NULL));
sSessionID = sSessionID.SHA256();
DEBUG("Auto generated session: [" + sSessionID + "]");
} while (Sessions.m_mspSessions.HasItem(sSessionID));
CSmartPtr<CWebSession> spSession(new CWebSession(sSessionID, GetRemoteIP()));
Sessions.m_mspSessions.AddItem(spSession->GetId(), spSession);
m_spSession = spSession;
return spSession;
}
CString HMAC_SHA256(const CString& sKey, const CString& sData) {
CString sRealKey;
if (sKey.length() > 64)
PackHex(sKey.SHA256(), sRealKey);
else
sRealKey = sKey;
CString sOuterKey, sInnerKey;
CString::size_type iKeyLength = sRealKey.length();
for (unsigned int i = 0; i < 64; i++) {
char r = (i < iKeyLength ? sRealKey[i] : '\0');
sOuterKey += r ^ 0x5c;
sInnerKey += r ^ 0x36;
}
CString sInnerHash;
PackHex(CString(sInnerKey + sData).SHA256(), sInnerHash);
return CString(sOuterKey + sInnerHash).SHA256();
}
CSmartPtr<CWebSession> CWebSock::GetSession() {
if (!m_spSession.IsNull()) {
return m_spSession;
}
const CString sCookieSessionId = GetRequestCookie("SessionId");
CSmartPtr<CWebSession> *pSession = Sessions.m_mspSessions.GetItem(sCookieSessionId);
if (pSession != NULL) {
// Refresh the timeout
Sessions.m_mspSessions.AddItem((*pSession)->GetId(), *pSession);
m_spSession = *pSession;
DEBUG("Found existing session from cookie: [" + sCookieSessionId + "] IsLoggedIn(" + CString((*pSession)->IsLoggedIn() ? "true" : "false") + ")");
return *pSession;
}
if (Sessions.m_mIPSessions.count(GetRemoteIP()) > m_uiMaxSessions) {
mIPSessionsIterator it = Sessions.m_mIPSessions.find(GetRemoteIP());
Sessions.m_mIPSessions.erase(it);
}
CString sSessionID;
do {
sSessionID = CString::RandomString(32);
sSessionID += ":" + GetRemoteIP() + ":" + CString(GetRemotePort());
sSessionID += ":" + GetLocalIP() + ":" + CString(GetLocalPort());
sSessionID += ":" + CString(time(NULL));
sSessionID = sSessionID.SHA256();
DEBUG("Auto generated session: [" + sSessionID + "]");
} while (Sessions.m_mspSessions.HasItem(sSessionID));
CSmartPtr<CWebSession> spSession(new CWebSession(sSessionID, GetRemoteIP()));
Sessions.m_mspSessions.AddItem(spSession->GetId(), spSession);
m_spSession = spSession;
return spSession;
}