antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 7 Projects Releases 5 Activity Actions

Encode IP address in session cookie and check if it matches.

Browse source
This commit is contained in:
hns 2002-11-19 17:12:35 +00:00
parent 1e7dee5c80
commit b9b7e9988d
1 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
src/helma/servlet/AbstractServletClient.java
View file

@ -132,18 +132,6 @@ public abstract class AbstractServletClient extends HttpServlet {
} catch (Exception badCookie) {}
}
// check if we need to create a session id
if (reqtrans.session == null) {
reqtrans.session = Long.toString (
Math.round (Math.random ()* Long.MAX_VALUE) -
System.currentTimeMillis (), 36);
Cookie c = new Cookie("HopSession", reqtrans.session);
c.setPath ("/");
if (cookieDomain != null)
c.setDomain (cookieDomain);
response.addCookie(c);
}
// do standard HTTP variables
String host = request.getHeader ("Host");
if (host != null) {
@ -160,7 +148,7 @@ public abstract class AbstractServletClient extends HttpServlet {
if (ifModifiedSince > -1)
reqtrans.setIfModifiedSince (ifModifiedSince);
} catch (IllegalArgumentException ignore) {}
String ifNoneMatch = request.getHeader ("If-None-Match");
if (ifNoneMatch != null)
reqtrans.setETags (ifNoneMatch);
@ -169,6 +157,19 @@ public abstract class AbstractServletClient extends HttpServlet {
if (remotehost != null)
reqtrans.set ("http_remotehost", remotehost);
// check if we need to create a session id. also handle the
// case that the session id doesn't match the remote host address
if (reqtrans.session == null || !reqtrans.session.startsWith (remotehost)) {
reqtrans.session = remotehost+"."+Long.toString (
Math.round (Math.random ()* Long.MAX_VALUE) -
System.currentTimeMillis (), 36);
Cookie c = new Cookie("HopSession", reqtrans.session);
c.setPath ("/");
if (cookieDomain != null)
c.setDomain (cookieDomain);
response.addCookie(c);
}
String browser = request.getHeader ("User-Agent");
if (browser != null)
reqtrans.set ("http_browser", browser);