From: rjk@greenend.org.uk <> Date: Sun, 23 Dec 2007 16:34:13 +0000 (+0000) Subject: never set an expired cookie; on logout, re-login as guest X-Git-Tag: 3.0~163 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/commitdiff_plain/7f66f58b384d81cb04c6ed9c3844582762f5c698?hp=834e7c4afb9125d868f9f488976d17f66364efc0 never set an expired cookie; on logout, re-login as guest --- diff --git a/server/cgimain.c b/server/cgimain.c index 5acf9ea..ec63bf8 100644 --- a/server/cgimain.c +++ b/server/cgimain.c @@ -116,6 +116,9 @@ int main(int argc, char **argv) { disorder_cgi_error(&output, &s, "connect"); return 0; } + /* If there was a cookie but it went bad, we forget it */ + if(login_cookie && !strcmp(disorder_user(g.client), "guest")) + login_cookie = 0; /* TODO RFC 3875 s8.2 recommendations e.g. concerning PATH_INFO */ disorder_cgi(&output, &s); if(fclose(stdout) < 0) fatal(errno, "error closing stdout"); diff --git a/server/dcgi.c b/server/dcgi.c index f14d8bf..e81aac6 100644 --- a/server/dcgi.c +++ b/server/dcgi.c @@ -101,15 +101,7 @@ static const char *front_url(void) { return config->url; } -static void redirect(struct sink *output) { - const char *back; - - back = cgi_get("back"); - cgi_header(output, "Location", back && *back ? back : front_url()); - cgi_body(output); -} - -static void header_cookie(cgi_sink *output) { +static void header_cookie(struct sink *output) { struct dynstr d[1]; char *s; @@ -122,13 +114,25 @@ static void header_cookie(cgi_sink *output) { } dynstr_terminate(d); byte_xasprintf(&s, "disorder=\"%s\"", d->vec); /* TODO domain, path, expiry */ - cgi_header(output->sink, "Set-Cookie", s); - } + cgi_header(output, "Set-Cookie", s); + } else + /* Force browser to discard cookie */ + cgi_header(output, "Set-Cookie", "disorder=none;Max-Age=0"); +} + +static void redirect(struct sink *output) { + const char *back; + + back = cgi_get("back"); + cgi_header(output, "Location", back && *back ? back : front_url()); + header_cookie(output); + cgi_body(output); } static void expand_template(dcgi_state *ds, cgi_sink *output, const char *action) { cgi_header(output->sink, "Content-Type", "text/html"); + header_cookie(output->sink); cgi_body(output->sink); expand(output, action, ds); } @@ -271,6 +275,7 @@ static void act_playing(cgi_sink *output, dcgi_state *ds) { byte_snprintf(r, sizeof r, "%ld;url=%s", refresh > 0 ? refresh : 1, front_url()); cgi_header(output->sink, "Refresh", r); + header_cookie(output->sink); cgi_body(output->sink); expand(output, "playing", ds); } @@ -337,9 +342,11 @@ static void act_volume(cgi_sink *output, dcgi_state *ds) { * URL) */ cgi_header(output->sink, "Location", (back = cgi_get("back")) ? back : volume_url()); + header_cookie(output->sink); cgi_body(output->sink); } else { cgi_header(output->sink, "Content-Type", "text/html"); + header_cookie(output->sink); cgi_body(output->sink); expand(output, "volume", ds); } @@ -408,6 +415,7 @@ static void act_prefs(cgi_sink *output, dcgi_state *ds) { for(numfile = 0; numfile < nfiles; ++numfile) process_prefs(ds, numfile); cgi_header(output->sink, "Content-Type", "text/html"); + header_cookie(output->sink); cgi_body(output->sink); expand(output, "prefs", ds); } @@ -451,7 +459,7 @@ static void act_login(cgi_sink *output, return; } /* We have a new cookie */ - header_cookie(output); + header_cookie(output->sink); if((back = cgi_get("back")) && back) /* Redirect back to somewhere or other */ redirect(output->sink); @@ -464,6 +472,12 @@ static void act_logout(cgi_sink *output, dcgi_state *ds) { disorder_revoke(ds->g->client); login_cookie = 0; + /* Reconnect as guest */ + ds->g->client = disorder_new(0); + if(disorder_connect_cookie(ds->g->client, 0)) { + disorder_cgi_error(output, ds, "connect"); + exit(0); + } /* Back to the login page */ expand_template(ds, output, "login"); } @@ -1611,8 +1625,6 @@ static void perform_action(cgi_sink *output, dcgi_state *ds, const char *action) { int n; - /* If we have a login cookie it'd better appear in all responses */ - header_cookie(output); /* We don't ever want anything to be cached */ cgi_header(output->sink, "Cache-Control", "no-cache"); if((n = TABLE_FIND(actions, struct action, name, action)) >= 0)