/**
 * Resolve the web session that belongs to this socket.
 *
 * Order of resolution:
 *  1. the session already attached to this socket (m_spSession);
 *  2. the session stored under the id sent in the "SessionId" cookie;
 *  3. a freshly created session with a newly generated id.
 *
 * Before a new session is created, one existing session of the remote IP is
 * removed from the session cache if that IP already holds more than
 * m_uiMaxSessions entries in Sessions.m_mIPSessions.
 *
 * NOTE(review): a cookie hit is accepted without comparing the requesting
 * IP against the IP the session was created for; this function treats the
 * id alone as the credential.
 *
 * @return the session now attached to this socket.
 */
CSmartPtr<CWebSession> CWebSock::GetSession() {
    // Fast path: this socket already resolved its session.
    if (!m_spSession.IsNull()) {
        return m_spSession;
    }

    const CString sCookieSessionId = GetRequestCookie("SessionId");
    CSmartPtr<CWebSession> *pCached = Sessions.m_mspSessions.GetItem(sCookieSessionId);

    if (pCached) {
        CSmartPtr<CWebSession>& spCached = *pCached;

        // Refresh the timeout: re-adding the item under its own id resets
        // its expiry in the cache.
        Sessions.m_mspSessions.AddItem(spCached->GetId(), spCached);
        // Record the activity so the eviction below can rank sessions.
        spCached->UpdateLastActive();
        m_spSession = spCached;

        // NOTE(review): the complete session id goes to debug output here;
        // whoever can read that output holds a usable cookie value for as
        // long as the session lives. Logging a truncated id would avoid it.
        DEBUG("Found existing session from cookie: [" + sCookieSessionId + "] IsLoggedIn(" + CString((*pSession)->IsLoggedIn() ? "true" : "false") + ")");
        return spCached;
    }

    // Per-IP cap: once the remote IP holds more than m_uiMaxSessions
    // sessions, drop the one that compareLastActive ranks lowest
    // (presumably the least recently active - confirm against the comparator).
    const bool bOverLimit = Sessions.m_mIPSessions.count(GetRemoteIP()) > m_uiMaxSessions;
    if (bOverLimit) {
        pair<mIPSessionsIterator, mIPSessionsIterator> range = Sessions.m_mIPSessions.equal_range(GetRemoteIP());
        mIPSessionsIterator itVictim = std::min_element(range.first, range.second, compareLastActive);
        DEBUG("Remote IP: " << GetRemoteIP() << "; discarding session [" << itVictim->second->GetId() << "]");
        // Removal goes through the session cache, so the id stops resolving
        // for later requests. Nothing in this function erases the
        // m_mIPSessions entry; presumably CWebSession's teardown does - confirm.
        Sessions.m_mspSessions.RemItem(itVictim->second->GetId());
    }

    // Build a new id: SHA-256 over a random string plus connection details
    // and the current time. Only the RandomString(32) part is unknown to the
    // client, so the unpredictability of the id rests on that generator
    // (its randomness source is not visible here - confirm it is a CSPRNG).
    CString sNewId;
    do {
        sNewId = CString::RandomString(32);
        sNewId += ":" + GetRemoteIP();
        sNewId += ":" + CString(GetRemotePort());
        sNewId += ":" + GetLocalIP();
        sNewId += ":" + CString(GetLocalPort());
        sNewId += ":" + CString(time(NULL));
        sNewId = sNewId.SHA256();

        // NOTE(review): same exposure as above - the full id of the new
        // session is written to debug output.
        DEBUG("Auto generated session: [" + sNewId + "]");
    } while (Sessions.m_mspSessions.HasItem(sNewId)); // retry on collision

    CSmartPtr<CWebSession> spCreated(new CWebSession(sNewId, GetRemoteIP()));
    Sessions.m_mspSessions.AddItem(spCreated->GetId(), spCreated);
    m_spSession = spCreated;

    return spCreated;
}
/**
 * Compute HMAC-SHA256 of sData under sKey, following the usual HMAC
 * construction with a 64-byte block: H((K ^ opad) || H((K ^ ipad) || data)).
 *
 * A key longer than 64 bytes is first replaced by its SHA-256 digest; a
 * shorter key is zero-padded to the block size.
 *
 * @param sKey  secret key, any length.
 * @param sData message to authenticate.
 * @return whatever CString::SHA256() yields for the outer hash. The PackHex
 *         calls on the intermediate digests suggest this is a hex string
 *         rather than raw bytes - confirm against CString::SHA256().
 *
 * NOTE(review): callers that compare the result with a value supplied by a
 * peer should use a constant-time comparison; this function does not provide one.
 */
CString HMAC_SHA256(const CString& sKey, const CString& sData) {
    const unsigned int uBlockSize = 64;

    // Normalise the key: oversized keys are hashed down, and PackHex turns
    // the digest text into the bytes used as the effective key.
    CString sBlockKey;
    if (sKey.length() <= uBlockSize) {
        sBlockKey = sKey;
    } else {
        PackHex(sKey.SHA256(), sBlockKey);
    }

    const CString::size_type uKeyLen = sBlockKey.length();

    // Derive the inner and outer pads, treating missing key bytes as zero.
    CString sInnerPad, sOuterPad;
    for (unsigned int uPos = 0; uPos < uBlockSize; ++uPos) {
        char cKeyByte = '\0';
        if (uPos < uKeyLen) {
            cKeyByte = sBlockKey[uPos];
        }
        sOuterPad += cKeyByte ^ 0x5c;
        sInnerPad += cKeyByte ^ 0x36;
    }

    // Inner hash is converted with PackHex before it is fed to the outer hash.
    CString sInnerDigest;
    PackHex(CString(sInnerPad + sData).SHA256(), sInnerDigest);

    return CString(sOuterPad + sInnerDigest).SHA256();
}
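/**
 * Resolve the web session that belongs to this socket.
 *
 * Order of resolution:
 *  1. the session already attached to this socket (m_spSession);
 *  2. the session stored under the id sent in the "SessionId" cookie;
 *  3. a freshly created session with a newly generated id.
 *
 * Before a new session is created, one existing session of the remote IP is
 * discarded if that IP already holds more than m_uiMaxSessions entries in
 * Sessions.m_mIPSessions.
 *
 * NOTE(review): a cookie hit is accepted without comparing the requesting
 * IP against the IP the session was created for; this function treats the
 * id alone as the credential.
 *
 * @return the session now attached to this socket.
 */
CSmartPtr<CWebSession> CWebSock::GetSession() {
    // Fast path: this socket already resolved its session.
    if (!m_spSession.IsNull()) {
        return m_spSession;
    }

    const CString sCookieSessionId = GetRequestCookie("SessionId");
    CSmartPtr<CWebSession> *pSession = Sessions.m_mspSessions.GetItem(sCookieSessionId);

    if (pSession != NULL) {
        // Refresh the timeout: re-adding the item under its own id resets
        // its expiry in the cache.
        Sessions.m_mspSessions.AddItem((*pSession)->GetId(), *pSession);
        m_spSession = *pSession;

        // NOTE(review): the complete session id goes to debug output here;
        // whoever can read that output holds a usable cookie value for as
        // long as the session lives. Logging a truncated id would avoid it.
        DEBUG("Found existing session from cookie: [" + sCookieSessionId + "] IsLoggedIn(" + CString((*pSession)->IsLoggedIn() ? "true" : "false") + ")");
        return *pSession;
    }

    if (Sessions.m_mIPSessions.count(GetRemoteIP()) > m_uiMaxSessions) {
        // count() > limit guarantees find() returns a valid entry.
        mIPSessionsIterator it = Sessions.m_mIPSessions.find(GetRemoteIP());

        // Enforce the cap on the session itself, not only on the per-IP
        // index. Erasing just the index entry leaves the session in
        // m_mspSessions: its id keeps resolving and the cache keeps growing
        // until entries time out, so one client could hold an unbounded
        // number of sessions. Copy the id first, because erase() invalidates
        // the iterator, and unindex before RemItem so that any teardown work
        // triggered by the removal cannot touch an iterator still in use.
        const CString sEvictedId = it->second->GetId();
        Sessions.m_mIPSessions.erase(it);
        Sessions.m_mspSessions.RemItem(sEvictedId);

        // NOTE(review): find() picks whichever entry of this IP comes first,
        // not necessarily the one that has been idle longest.
    }

    // Build a new id: SHA-256 over a random string plus connection details
    // and the current time. Only the RandomString(32) part is unknown to the
    // client, so the unpredictability of the id rests on that generator
    // (its randomness source is not visible here - confirm it is a CSPRNG).
    CString sSessionID;
    do {
        sSessionID = CString::RandomString(32);
        sSessionID += ":" + GetRemoteIP() + ":" + CString(GetRemotePort());
        sSessionID += ":" + GetLocalIP() + ":" + CString(GetLocalPort());
        sSessionID += ":" + CString(time(NULL));
        sSessionID = sSessionID.SHA256();

        // NOTE(review): same exposure as above - the full id of the new
        // session is written to debug output.
        DEBUG("Auto generated session: [" + sSessionID + "]");
    } while (Sessions.m_mspSessions.HasItem(sSessionID)); // retry on collision

    CSmartPtr<CWebSession> spSession(new CWebSession(sSessionID, GetRemoteIP()));
    Sessions.m_mspSessions.AddItem(spSession->GetId(), spSession);

    m_spSession = spSession;

    return spSession;
}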