diff options
author | manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2009-03-02 13:56:35 +0000 |
---|---|---|
committer | manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2009-03-02 13:56:35 +0000 |
commit | d8890ecb44860a4a8a4057d262bdd1f3c790ee99 (patch) | |
tree | 932ab3121569bc155cd5312fcd7083ec79066dc4 /auth_mellon_config.c | |
parent | 7a1a61171ff594efd9da0884f483917f0e7750ea (diff) | |
download | mod_auth_mellon-d8890ecb44860a4a8a4057d262bdd1f3c790ee99.tar.gz mod_auth_mellon-d8890ecb44860a4a8a4057d262bdd1f3c790ee99.tar.xz mod_auth_mellon-d8890ecb44860a4a8a4057d262bdd1f3c790ee99.zip |
Add a MellonSecureCookie setting to enforce Secure + HttpOnly flags for
session cookies.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@40 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_config.c')
-rw-r--r-- | auth_mellon_config.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/auth_mellon_config.c b/auth_mellon_config.c index f22b447..767663f 100644 --- a/auth_mellon_config.c +++ b/auth_mellon_config.c @@ -39,6 +39,10 @@ static const char *default_user_attribute = "NAME_ID"; */ static const char *default_cookie_name = "cookie"; +/* The default setting for cookie flags is to not enforce HttpOnly and secure + */ +static const int default_secure_cookie = 0; + /* This is the default IdP initiated login location * the MellonDefaultLoginPath configuration directive if you change this. */ @@ -352,6 +356,14 @@ const command_rec auth_mellon_commands[] = { " be 'mellon-cookie'." ), AP_INIT_TAKE1( + "MellonSecureCookie", + ap_set_flag_slot, + (void *)APR_OFFSETOF(am_dir_cfg_rec, secure), + OR_AUTHCFG, + "Whether the cookie set by auth_mellon should have HttpOnly and" + " secure flags set. Default is off." + ), + AP_INIT_TAKE1( "MellonUser", ap_set_string_slot, (void *)APR_OFFSETOF(am_dir_cfg_rec, userattr), @@ -480,6 +492,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d) dir->decoder = am_decoder_default; dir->varname = default_cookie_name; + dir->secure = default_secure_cookie; dir->require = apr_hash_make(p); dir->envattr = apr_hash_make(p); dir->userattr = default_user_attribute; @@ -541,6 +554,12 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add) add_cfg->varname : base_cfg->varname); + + new_cfg->secure = (add_cfg->secure != default_secure_cookie ? + add_cfg->secure : + base_cfg->secure); + + new_cfg->require = apr_hash_copy(p, (apr_hash_count(add_cfg->require) > 0) ? add_cfg->require : |