From a2d82eeb8776a9c4c1d6eb0e8b59505535463bdd Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Sat, 10 Mar 2007 21:03:36 +0000 Subject: [PATCH] When re-creating an expired session, re-use the session ID number that they had before. Although the client browser is supposed to pick up the new session ID from the next cookie and start using it, some badly configured clients do not do this, causing many new sessions to be created. --- webcit/context_loop.c | 15 ++++++++++++++- webcit/cookie_conversion.c | 12 ++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/webcit/context_loop.c b/webcit/context_loop.c index e276383f7..7f18c0976 100644 --- a/webcit/context_loop.c +++ b/webcit/context_loop.c @@ -441,7 +441,20 @@ void context_loop(int sock) memset(TheSession, 0, sizeof(struct wcsession)); TheSession->serv_sock = (-1); TheSession->chat_sock = (-1); - TheSession->wc_session = GenerateSessionID(); + + /* If we're recreating a session that expired, it's best to give it the same + * session number that it had before. The client browser ought to pick up + * the new session number and start using it, but in some rare situations it + * doesn't, and that's a Bad Thing because it causes lots of spurious sessions + * to get created. + */ + if (desired_session == 0) { + TheSession->wc_session = GenerateSessionID(); + } + else { + TheSession->wc_session = desired_session; + } + strcpy(TheSession->httpauth_user, httpauth_user); strcpy(TheSession->httpauth_pass, httpauth_pass); pthread_mutex_init(&TheSession->SessionMutex, NULL); diff --git a/webcit/cookie_conversion.c b/webcit/cookie_conversion.c index 24e29ce74..ad8717b07 100644 --- a/webcit/cookie_conversion.c +++ b/webcit/cookie_conversion.c @@ -86,6 +86,18 @@ void cookie_to_stuff(char *cookie, int *session, buf[i+1] = 0; } +/* debug + char t[256]; + extract_token(t, buf, 0, '|', sizeof t); + lprintf(9, "SESS: %s\n", t); + extract_token(t, buf, 1, '|', sizeof t); + lprintf(9, "USER: %s\n", t); + extract_token(t, buf, 2, '|', sizeof t); + lprintf(9, "PASS: %s\n", t); + extract_token(t, buf, 3, '|', sizeof t); + lprintf(9, "ROOM: %s\n", t); + debug */ + if (session != NULL) *session = extract_int(buf, 0); if (user != NULL) -- 2.30.2