[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [patch #9576] Adding authorization cookie management
From: |
Giuseppe Modugno |
Subject: |
[lwip-devel] [patch #9576] Adding authorization cookie management |
Date: |
Tue, 27 Feb 2018 04:39:01 -0500 (EST) |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 |
URL:
<http://savannah.nongnu.org/patch/?9576>
Summary: Adding authorization cookie management
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: giusloq
Submitted on: Tue 27 Feb 2018 09:38:58 AM UTC
Category: apps
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
_______________________________________________________
Details:
I tried to add authorization cookie management to httpd. You have to enable
LWIP_HTTPD_SUPPORT_AUTH_COOKIE and define HTTP_AUTH_COOKIE_NAME (usually
"Auth") and HTTP_LOGIN_FILE (the name of the file that is returned to every
HTTP requests without a valid authorization cookie... it is usually the
login.html web page to force entering username/password).
The user should supply the function httpd_authorized_for_uri(const char
*auth_cookie, const char *uri). The function should return true if the uri can
be retrieved with that cookie.
My application creates a new session ID (random number) when the user enters
valid login data. The session ID is returned in a JSON "generated file" as the
answer to login request. The Javascript running in the client can save the
cookie, so it will be used in next requests.
The application could invalidate session IDs that aren't used for long times
(httpd_authorized_for_uri can restart the timer).
Another small change is with CGI handler function. In my application I needed
to check session ID in CGI handler, because the result changes depending on
the type of session ID (normal user, admin, and so on). In my case, I encoded
the type of the user inside the session ID.
Maybe the name of macros must be changed to be similar to the others in lwip.
I don't know lwip too much to create good macro names. Moreover, I think those
three macros must be added to httpd_opts.h with their default values.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Tue 27 Feb 2018 09:38:58 AM UTC Name: patch.diff Size: 5KiB By:
giusloq
<http://savannah.nongnu.org/patch/download.php?file_id=43407>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?9576>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [patch #9576] Adding authorization cookie management,
Giuseppe Modugno <=