Add expire time to auth cookies

Yukino Song
2024-08-30 07:12:38 +08:00
parent 1c217d95f0
commit f58c1eabdb
2 changed files with 12 additions and 0 deletions


@@ -54,6 +54,7 @@ namespace confighttp {
using req_https_t = std::shared_ptr<typename SimpleWeb::ServerBase<SimpleWeb::HTTPS>::Request>;
std::string sessionCookie;
static std::chrono::time_point<std::chrono::steady_clock> cookie_creation_time;
enum class op_e {
ADD, ///< Add client
@@ -151,6 +152,12 @@ namespace confighttp {
return false;
}
// Cookie has expired
if (std::chrono::steady_clock::now() - cookie_creation_time > SESSION_EXPIRE_DURATION) {
sessionCookie.clear();
return false;
}
auto cookies = request->header.find("cookie");
if (cookies == request->header.end()) {
return false;
@@ -745,6 +752,7 @@ namespace confighttp {
}
sessionCookie = crypto::rand_alphabet(64);
cookie_creation_time = std::chrono::steady_clock::now();
const SimpleWeb::CaseInsensitiveMultimap headers {
{ "Set-Cookie", "auth=" + sessionCookie + "; Secure; Max-Age=2592000; Path=/" }
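Review bot: The `Set-Cookie` header in the last hunk still hard-codes `Max-Age=2592000`, while the new server-side check compares against `SESSION_EXPIRE_DURATION`, so the browser and server lifetimes can disagree unless that constant (defined outside this section) happens to be 30 days. Deriving the attribute from the same constant keeps the two in step, e.g. `"; Max-Age=" + std::to_string(std::chrono::duration_cast<std::chrono::seconds>(SESSION_EXPIRE_DURATION).count())`, assuming it is a `std::chrono` duration. The same header sets neither `HttpOnly` nor `SameSite`, so page script can read the session token and cross-site requests will carry it; `"; Secure; HttpOnly; SameSite=Strict; Max-Age=..."` is the usual hardening. `sessionCookie` and `cookie_creation_time` are written in the login handler and read or cleared in the auth check with no synchronisation visible here, which is worth confirming if the server runs handlers on more than one thread. Both functions start and end outside the hunks shown.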