Add MellonCookieDomain and MellonCookiePath directives

These allows respectively to set the domain and the path of the domain
of the mellon cookie. Without these the domain defaults to the domain
return by ap_get_server_name() (see
http://httpd.apache.org/dev/apidoc/apidoc_ap_get_server_name.html)
and the path to "/".

git-svn-id: https://modmellon.googlecode.com/svn/trunk@120 a716ebb1-153a-0410-b759-cfb97c6a1b53

4 files changed, 53 insertions, 4 deletions

diff --git a/README b/README
index 1b681dc..359e73e 100644
--- a/README
+++ b/README
@@ -186,6 +186,17 @@ MellonPostCount 100
         # Default: Off
         MellonSecureCookie On
 
+        # MellonCookieDomain allows to specify of the cookie which auth_mellon
+        # will set.
+        # Default: the domain for the received request (the Host: header if
+        # present, of the ServerName of the VirtualHost declaration, or if
+        # absent a reverse resolution on the local IP)
+        # MellonCookieDomain example.com
+
+        # MellonCookiePath is the path of the cookie which auth_mellon will set.
+        # Default: /
+        MellonCookiePath /
+
         # MellonUser selects which attribute we should use for the username.
         # The username is passed on to other apache modules and to the web
         # page the user visits. NAME_ID is an attribute which we set to
diff --git a/auth_mellon.h b/auth_mellon.h
index af7a74d..452fdea 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -163,6 +163,8 @@ typedef struct am_dir_cfg_rec {
 
     const char *varname;
     int secure;
+    const char *cookie_domain;
+    const char *cookie_path;
     apr_array_header_t *cond;
     apr_hash_t *envattr;
     const char *userattr;
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 52e80b2..2056e0a 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -817,6 +817,22 @@ const command_rec auth_mellon_commands[] = {
         " secure flags set. Default is off."
         ),
     AP_INIT_TAKE1(
+        "MellonCookieDomain",
+        ap_set_string_slot,
+        (void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_domain),
+        OR_AUTHCFG,
+        "The domain of the cookie which auth_mellon will set. Defaults to"
+        " the domain of the current request."
+        ),
+    AP_INIT_TAKE1(
+        "MellonCookiePath",
+        ap_set_string_slot,
+        (void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_path),
+        OR_AUTHCFG,
+        "The path of the cookie which auth_mellon will set. Defaults to"
+        " '/'."
+        ),
+    AP_INIT_TAKE1(
         "MellonUser",
         ap_set_string_slot,
         (void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
@@ -1051,6 +1067,8 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
     dir->varname = default_cookie_name;
     dir->secure = default_secure_cookie;
     dir->cond = apr_array_make(p, 0, sizeof(am_cond_t));
+    dir->cookie_domain = NULL;
+    dir->cookie_path = NULL;
     dir->envattr   = apr_hash_make(p);
     dir->userattr  = default_user_attribute;
     dir->idpattr  = NULL;
@@ -1123,11 +1141,18 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
                         add_cfg->varname :
                         base_cfg->varname);
 
-    
+
     new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
                         add_cfg->secure :
                         base_cfg->secure);
 
+    new_cfg->cookie_domain = (add_cfg->cookie_domain != NULL ?
+                        add_cfg->cookie_domain :
+                        base_cfg->cookie_domain);
+
+    new_cfg->cookie_path = (add_cfg->cookie_path != NULL ?
+                        add_cfg->cookie_path :
+                        base_cfg->cookie_path);
 
     new_cfg->cond = apr_array_copy(p,
                                    (!apr_is_empty_array(add_cfg->cond)) ?
diff --git a/auth_mellon_cookie.c b/auth_mellon_cookie.c
index b7453ad..b321651 100644
--- a/auth_mellon_cookie.c
+++ b/auth_mellon_cookie.c
@@ -141,16 +141,27 @@ void am_cookie_set(request_rec *r, const char *id)
     const char *name;
     char *cookie;
     int secure_cookie;
+    const char *cookie_domain = ap_get_server_name(r);
+    const char *cookie_path = "/";
+    am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
 
     if (id == NULL)
         return;
 
-    secure_cookie = ((am_dir_cfg_rec *)am_get_dir_cfg(r))->secure;
+    if (cfg->cookie_domain) {
+        cookie_domain = cfg->cookie_domain;
+    }
+
+    if (cfg->cookie_path) {
+        cookie_path = cfg->cookie_path;
+    }
+
+    secure_cookie = cfg->secure;
     name = am_cookie_name(r);
 
     cookie = apr_psprintf(r->pool,
-                         "%s=%s; Version=1; Path=/; Domain=%s%s;",
-                         name, id, r->server->server_hostname,
+                         "%s=%s; Version=1; Path=%s; Domain=%s%s;",
+                         name, id, cookie_path, cookie_domain,
                          secure_cookie ? "; HttpOnly; secure" : "");
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                  "cookie_set: %s", cookie);