Ajout du paramètre Samesite=Strict dans le cookie de session

kitoy 2023-04-12 00:25:47 +02:00
parent 811ebb8ca0
commit 98b3fbb3e8
1 changed files with 11 additions and 2 deletions


@ -173,6 +173,8 @@ portal_user_load(struct http_request *req)
int rc = 0; int rc = 0;
sqlite3_stmt *res= NULL; sqlite3_stmt *res= NULL;
sqlite3 *db = NULL; sqlite3 *db = NULL;
char *cookie_session = NULL;
char *cookie_samesite = NULL;
char *cookie = NULL; char *cookie = NULL;
char *session_id = NULL; char *session_id = NULL;
@ -258,10 +260,14 @@ portal_user_load(struct http_request *req)
ht_set(hashtable, session_id, login); ht_set(hashtable, session_id, login);
kore_log(LOG_NOTICE, "on a ajouté le sessions dans la hastable"); kore_log(LOG_NOTICE, "on a ajouté le sessions dans la hastable");
cookie = set_cookie_header("session_id", '=', session_id); cookie_session = set_cookie_header("session_id", '=', session_id);
cookie_samesite = set_cookie_header("SameSite", '=', "Strict");
cookie = set_cookie_header(cookie_session, ';', cookie_samesite);
kore_log(LOG_NOTICE, "on a set le cookie dans les headers"); kore_log(LOG_NOTICE, "on a set le cookie dans les headers");
kore_buf_replace_string(b, "$msg$", "BRAVO !!!", 13); kore_buf_replace_string(b, "$msg$", "BRAVO !!!", 13);
free(session_id); free(session_id);
free(cookie_session);
free(cookie_samesite);
kore_log(LOG_NOTICE, "set cookie OK"); kore_log(LOG_NOTICE, "set cookie OK");
} }
@ -271,9 +277,12 @@ portal_user_load(struct http_request *req)
http_response_header(req, "content-type", "text/html"); http_response_header(req, "content-type", "text/html");
if (cookie != NULL) if (cookie != NULL)
{
http_response_header(req, "set-cookie", cookie); http_response_header(req, "set-cookie", cookie);
free(cookie);
}
d = kore_buf_release(b, &len); d = kore_buf_release(b, &len);
http_response_header(req, "location", "/portal/bienvenue"); http_response_header(req, "location", "/portal/bienvenue");
http_response(req, HTTP_STATUS_FOUND, NULL, 0); http_response(req, HTTP_STATUS_FOUND, NULL, 0);
kore_free(d); kore_free(d);
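Review bot: The session cookie assembled in the second hunk by `cookie = set_cookie_header(cookie_session, ';', cookie_samesite);` gets SameSite=Strict but still no HttpOnly or Secure attribute, so page script can read session_id and the browser may send it over plain HTTP. Assuming set_cookie_header simply joins key, separator and value (its body is not shown here), the smallest change is `cookie_samesite = set_cookie_header("SameSite", '=', "Strict; HttpOnly; Secure");`, ideally with an explicit `Path=/` as well. The three set_cookie_header results are also used without a NULL check, so a failed allocation in the first two calls would be passed into the third; a guard such as `if (cookie_session == NULL || cookie_samesite == NULL)` before the final call would be safer. portal_user_load starts and ends outside these hunks, so other exit paths that may leak `cookie` could not be checked.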