/**
 * Extracts the session ID and the client address from a request.
 *
 * Reads the client's cookies from the request header and looks for the
 * "bitmunk-session" cookie. This function only extracts values: nothing
 * here looks the session ID up or validates it, so the caller still has to
 * check the returned ID (and address) against the server-side session
 * store before trusting it.
 *
 * @param action the action whose request carries the cookies.
 * @param session set to the cookie's value when the cookie is present.
 * @param ip filled in by action->getClientInternetAddress().
 *
 * @return true if the cookie was present and the client address could be
 *         obtained, false otherwise (an Exception is set here when the
 *         cookie is missing).
 */
bool SessionManager::getSessionFromAction(
   BtpAction* action, string& session, InternetAddress* ip)
{
   // parse the cookies the client sent with this request
   CookieJar jar;
   jar.readCookies(action->getRequest()->getHeader(), CookieJar::Client);

   Cookie sessionCookie = jar.getCookie("bitmunk-session");
   if(sessionCookie.isNull())
   {
      // no session cookie: record which cookie was expected and fail
      ExceptionRef e = new Exception(
         "No 'bitmunk-session' cookie.",
         "bitmunk.webui.SessionManager.MissingCookie");
      e->getDetails()["missingCookie"] = "bitmunk-session";
      Exception::set(e);
      return false;
   }

   // the cookie value is client-supplied; it is only copied out here
   session = sessionCookie["value"]->getString();

   // from here on the result depends solely on resolving the client address
   return action->getClientInternetAddress(ip);
}
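/**
 * Marks a cookie for deletion by emptying its value and setting its max age
 * to 0.
 *
 * If the jar already holds a cookie with this name it is modified in place;
 * otherwise a new cookie is added via setCookie(). Both paths now flag the
 * cookie as HttpOnly, so the emitted cookie no longer differs depending on
 * whether the name happened to be in the jar already.
 *
 * @param name the name of the cookie to delete.
 * @param secure passed to setCookie() when a new cookie has to be created;
 *               it is not applied when an existing cookie is updated.
 */
void CookieJar::deleteCookie(const char* name, bool secure)
{
   Cookie cookie = getCookie(name);
   if(cookie.isNull())
   {
      // Last argument is taken to be the httpOnly flag (it lines up with the
      // three fields set in the branch below) -- confirm against
      // setCookie()'s declaration. It was false here, unlike that branch.
      setCookie(name, "", 0, secure, true);
   }
   else
   {
      // blank the existing entry and expire it
      cookie["value"] = "";
      cookie["maxAge"] = 0;
      cookie["httpOnly"] = true;
      // NOTE(review): `secure` is not written to an existing cookie, so
      // whatever value it already carries is kept -- confirm this is intended.
   }
}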
/**
 * Ends the session named by the request's "bitmunk-session" cookie and tells
 * the client to drop its bitmunk cookies.
 *
 * The server-side entry is removed only when the session ID is present in
 * mSessions and the requesting client's address equals the address stored
 * with that session. A request from any other address leaves the stored
 * session in place. The three cookie deletions are written to the response
 * header in every case.
 *
 * @param action the action carrying the request and response.
 */
void SessionManager::deleteSession(BtpAction* action)
{
   // parse the cookies the client sent
   CookieJar jar;
   HttpHeader* header = action->getRequest()->getHeader();
   jar.readCookies(header, CookieJar::Client);

   Cookie sessionCookie = jar.getCookie("bitmunk-session");
   if(!sessionCookie.isNull())
   {
      // client-supplied session ID
      const char* sessionId = sessionCookie["value"]->getString();

      // mSessions is only touched while holding the session lock
      mSessionLock.lock();
      {
         SessionMap::iterator entry = mSessions.find(sessionId);
         if(entry != mSessions.end())
         {
            // Removing the server-side session requires the caller's address
            // to match the one stored with it; clearing the client's cookies
            // below does not.
            // NOTE(review): the comparison uses whatever address
            // getClientInternetAddress() reports -- if the server can sit
            // behind a reverse proxy, confirm this is the real client address.
            InternetAddress clientIp;
            const bool ipMatches =
               action->getClientInternetAddress(&clientIp) &&
               strcmp(clientIp.getAddress(), entry->second.ip.c_str()) == 0;
            if(ipMatches)
            {
               // keep the key pointer so it can be released with free()
               // once the entry has been erased from the map
               const char* key = entry->first;
               mSessions.erase(entry);
               free(const_cast<char*>(key));
            }
         }
      }
      mSessionLock.unlock();
   }

   // queue deletion of every bitmunk cookie, then emit them in the response
   jar.deleteCookie("bitmunk-session", COOKIES_SECURE);
   jar.deleteCookie("bitmunk-user-id", COOKIES_SECURE);
   jar.deleteCookie("bitmunk-username", COOKIES_SECURE);
   header = action->getResponse()->getHeader();
   jar.writeCookies(header, CookieJar::Server, false);
}