+wcsession *FindSession(wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t *ListMutex)
+{
+ wcsession *sptr, *TheSession = NULL;
+
+ pthread_mutex_lock(ListMutex);
+ for (sptr = *wclist;
+ ((sptr != NULL) && (TheSession == NULL));
+ sptr = sptr->next) {
+
+ /** If HTTP-AUTH, look for a session with matching credentials */
+ switch (Hdr->HR.got_auth)
+ {
+ case AUTH_BASIC:
+ if ( (Hdr->HR.SessionKey != sptr->SessionKey))
+ continue;
+ GetAuthBasic(Hdr);
+ if ((!strcasecmp(ChrPtr(Hdr->c_username), ChrPtr(sptr->wc_username))) &&
+ (!strcasecmp(ChrPtr(Hdr->c_password), ChrPtr(sptr->wc_password))) )
+ TheSession = sptr;
+ break;
+ case AUTH_COOKIE:
+ /** If cookie-session, look for a session with matching session ID */
+ if ( (Hdr->HR.desired_session != 0) &&
+ (sptr->wc_session == Hdr->HR.desired_session))
+ TheSession = sptr;
+ break;
+ case NO_AUTH:
+ break;
+ }
+ }
+ pthread_mutex_unlock(ListMutex);
+ return TheSession;
+}
+
+wcsession *CreateSession(int Lockable, wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t *ListMutex)
+{
+ wcsession *TheSession;
+ lprintf(3, "Creating a new session\n");
+ TheSession = (wcsession *)
+ malloc(sizeof(wcsession));
+ memset(TheSession, 0, sizeof(wcsession));
+ TheSession->Hdr = Hdr;
+ TheSession->SessionKey = Hdr->HR.SessionKey;
+ TheSession->serv_sock = (-1);
+ TheSession->chat_sock = (-1);
+ TheSession->is_mobile = -1;
+
+ pthread_setspecific(MyConKey, (void *)TheSession);
+
+ /* If we're recreating a session that expired, it's best to give it the same
+ * session number that it had before. The client browser ought to pick up
+ * the new session number and start using it, but in some rare situations it
+ * doesn't, and that's a Bad Thing because it causes lots of spurious sessions
+ * to get created.
+ */
+ if (Hdr->HR.desired_session == 0) {
+ TheSession->wc_session = GenerateSessionID();
+ }
+ else {
+ TheSession->wc_session = Hdr->HR.desired_session;
+ }