From 98b3fbb3e866b6945bbef2d7a0056cc312628575 Mon Sep 17 00:00:00 2001
From: kitoy
Date: Wed, 12 Apr 2023 00:25:47 +0200
Subject: [PATCH] =?UTF-8?q?Ajout=20du=20param=C3=A8tre=20Samesite=3DStrict?= =?UTF-8?q?=20dans=20le=20cookie=20de=20session?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/portal_user.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/portal_user.c b/src/portal_user.c
index 1fa3337..fa83785 100644
--- a/src/portal_user.c
+++ b/src/portal_user.c
@@ -173,6 +173,8 @@ portal_user_load(struct http_request *req)
 int rc = 0;
 sqlite3_stmt *res= NULL;
 sqlite3 *db = NULL;
+ char *cookie_session = NULL;
+ char *cookie_samesite = NULL;
 char *cookie = NULL;
 char *session_id = NULL;
@@ -258,10 +260,14 @@ portal_user_load(struct http_request *req)
 ht_set(hashtable, session_id, login);
 kore_log(LOG_NOTICE, "on a ajouté le sessions dans la hastable");
- cookie = set_cookie_header("session_id", '=', session_id);
+ cookie_session = set_cookie_header("session_id", '=', session_id);
+ cookie_samesite = set_cookie_header("SameSite", '=', "Strict");
+ cookie = set_cookie_header(cookie_session, ';', cookie_samesite);
 kore_log(LOG_NOTICE, "on a set le cookie dans les headers");
 kore_buf_replace_string(b, "$msg$", "BRAVO !!!", 13);
 free(session_id);
+ free(cookie_session);
+ free(cookie_samesite);
 kore_log(LOG_NOTICE, "set cookie OK");
 }
@@ -271,9 +277,12 @@ portal_user_load(struct http_request *req)
 http_response_header(req, "content-type", "text/html");
 if (cookie != NULL)
+ {
 http_response_header(req, "set-cookie", cookie);
+ free(cookie);
+ }
 d = kore_buf_release(b, &len);
-
+
 http_response_header(req, "location", "/portal/bienvenue");
 http_response(req, HTTP_STATUS_FOUND, NULL, 0);
 kore_free(d);
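Review bot: The session cookie assembled in the second hunk still has no `HttpOnly` or `Secure` attribute. The three `set_cookie_header` calls appear to produce only `session_id=<id>;SameSite=Strict`, so the session id stays readable from page script and may be sent over plain HTTP. Extend the value to something like `session_id=<id>; SameSite=Strict; Secure; HttpOnly`, ideally with an explicit `Path`. The results of the first two calls are also passed straight into the third; `set_cookie_header` is defined outside this diff, so if it can return NULL on allocation failure, guard with `if (cookie_session == NULL || cookie_samesite == NULL)` before combining them. The enclosing block of portal_user_load starts and ends outside the hunk.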
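Review bot: In the third hunk, `free(cookie);` leaves `cookie` dangling for the rest of portal_user_load, which continues past the hunk. Follow it with `cookie = NULL;` so that a later cleanup path cannot free or reuse it. The free is only safe if `http_response_header` copies the value rather than keeping the pointer; that is worth a short comment such as `/* header value is copied by http_response_header */` once confirmed. The blank line before the `location` header also seems to have been replaced by a whitespace-only line, which should be dropped from the patch.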