Пример #1
/**
 * Extracts the session ID and the client's internet address from a request.
 *
 * The session ID is taken verbatim from the client-supplied
 * "bitmunk-session" cookie. Nothing in this function checks that the ID
 * refers to a known session or that the address matches the one stored for
 * it; callers must do that validation before trusting either output.
 *
 * @param action the action whose request header carries the cookies.
 * @param session set to the cookie's value when the cookie is present; it
 *                is assigned before the address lookup, so it may be
 *                populated even when this function returns false.
 * @param ip passed to action->getClientInternetAddress() to receive the
 *           client's address.
 *
 * @return true if the cookie was present and the address lookup succeeded,
 *         false otherwise. When the cookie is missing an exception of type
 *         "bitmunk.webui.SessionManager.MissingCookie" is set.
 */
bool SessionManager::getSessionFromAction(
   BtpAction* action, string& session, InternetAddress* ip)
{
   // parse the cookies the client sent with the request
   CookieJar jar;
   jar.readCookies(action->getRequest()->getHeader(), CookieJar::Client);

   // without a session cookie there is nothing to resolve
   Cookie sessionCookie = jar.getCookie("bitmunk-session");
   if(sessionCookie.isNull())
   {
      ExceptionRef e = new Exception(
         "No 'bitmunk-session' cookie.",
         "bitmunk.webui.SessionManager.MissingCookie");
      e->getDetails()["missingCookie"] = "bitmunk-session";
      Exception::set(e);
      return false;
   }

   // untrusted, client-controlled value: hand it back unvalidated
   session = sessionCookie["value"]->getString();

   // the overall result is now decided by the address lookup alone
   return action->getClientInternetAddress(ip);
}
Пример #2
/**
 * Marks a cookie in this jar for deletion by giving it an empty value and
 * a max-age of 0.
 *
 * NOTE(review): the two paths below are not symmetric. When the cookie is
 * already in the jar, the "secure" argument is not applied to it and
 * "httpOnly" is forced to true; when it is not in the jar, "secure" is
 * forwarded to setCookie() and the last argument is false (presumably
 * httpOnly -- confirm against setCookie()'s declaration). Confirm that the
 * attributes written back match what the client needs to drop the cookie.
 *
 * @param name the name of the cookie to delete.
 * @param secure forwarded to setCookie() only when the jar does not already
 *               hold a cookie with this name.
 */
void CookieJar::deleteCookie(const char* name, bool secure)
{
    Cookie existing = getCookie(name);
    if(!existing.isNull())
    {
        // cookie already in the jar: blank it in place
        existing["value"] = "";
        existing["maxAge"] = 0;
        existing["httpOnly"] = true;
        return;
    }

    // not in the jar yet: add an empty entry so it is written out
    setCookie(name, "", 0, secure, false);
}
Пример #3
/**
 * Logs a client out: removes its server-side session when the request is
 * allowed to do so, and always tells the client to drop its session cookies.
 *
 * The server-side entry is erased only if the "bitmunk-session" cookie names
 * a known session AND the client's address equals the address stored with
 * that session.
 *
 * NOTE(review): when the address lookup fails or the addresses differ, the
 * cookies are still cleared but the server-side session stays in
 * mSessions. A user who logs out after changing networks therefore leaves
 * a live session behind; confirm that something else (not visible here)
 * expires it.
 *
 * @param action the action providing the request (cookies, client address)
 *               and the response that receives the deletion cookies.
 */
void SessionManager::deleteSession(BtpAction* action)
{
   // parse the cookies the client sent with the request
   CookieJar jar;
   jar.readCookies(action->getRequest()->getHeader(), CookieJar::Client);

   Cookie sessionCookie = jar.getCookie("bitmunk-session");
   if(!sessionCookie.isNull())
   {
      // client-controlled value, used only as a lookup key below
      const char* sessionId = sessionCookie["value"]->getString();

      // mSessions is modified below, so hold the lock for the whole lookup
      mSessionLock.lock();
      SessionMap::iterator entry = mSessions.find(sessionId);
      if(entry != mSessions.end())
      {
         // only the address the session is bound to may remove it;
         // clearing the client's cookies, by contrast, is always allowed
         InternetAddress clientIp;
         const bool sameClient =
            action->getClientInternetAddress(&clientIp) &&
            strcmp(clientIp.getAddress(), entry->second.ip.c_str()) == 0;
         if(sameClient)
         {
            // save the key pointer first: the iterator is invalid after
            // erase(), and the key must only be freed once it has left
            // the map
            const char* key = entry->first;
            mSessions.erase(entry);
            free(const_cast<char*>(key));
         }
      }
      mSessionLock.unlock();
   }

   // blank every session-related cookie, then write them to the response
   static const char* const kSessionCookies[] =
   {
      "bitmunk-session", "bitmunk-user-id", "bitmunk-username"
   };
   const size_t count = sizeof(kSessionCookies) / sizeof(kSessionCookies[0]);
   for(size_t n = 0; n < count; ++n)
   {
      jar.deleteCookie(kSessionCookies[n], COOKIES_SECURE);
   }
   HttpHeader* responseHeader = action->getResponse()->getHeader();
   jar.writeCookies(responseHeader, CookieJar::Server, false);
}