aaf6e775
Commit
aaf6e775
authored
Oct 13, 2016
by
astaxie
Committed by
GitHub
Oct 13, 2016
Merge pull request #2216 from WatchtowerSecurity/httponlyfix
HTTPOnly Configurable
parents
2f6fc3f6
5488a5bb
Showing
4 changed files
with
8 additions
and
3 deletions
+8
-3
admin_test.go
admin_test.go
+1
-0
config.go
config.go
+2
-0
hooks.go
hooks.go
+1
-0
session.go
session/session.go
+4
-3
admin_test.go
...
...
@@ -65,6 +65,7 @@ func oldMap() map[string]interface{} {
m
[
"BConfig.WebConfig.Session.SessionCookieLifeTime"
]
=
BConfig
.
WebConfig
.
Session
.
SessionCookieLifeTime
m
[
"BConfig.WebConfig.Session.SessionAutoSetCookie"
]
=
BConfig
.
WebConfig
.
Session
.
SessionAutoSetCookie
m
[
"BConfig.WebConfig.Session.SessionDomain"
]
=
BConfig
.
WebConfig
.
Session
.
SessionDomain
m
[
"BConfig.WebConfig.Session.SessionDisableHTTPOnly"
]
=
BConfig
.
WebConfig
.
Session
.
SessionDisableHTTPOnly
m
[
"BConfig.Log.AccessLogs"
]
=
BConfig
.
Log
.
AccessLogs
m
[
"BConfig.Log.FileLineNum"
]
=
BConfig
.
Log
.
FileLineNum
m
[
"BConfig.Log.Outputs"
]
=
BConfig
.
Log
.
Outputs
...
...
config.go
...
...
@@ -94,6 +94,7 @@ type SessionConfig struct {
SessionCookieLifeTime
int
SessionAutoSetCookie
bool
SessionDomain
string
SessionDisableHTTPOnly
bool
// used to allow for cross domain cookies/javascript cookies.
EnableSidInHttpHeader
bool
// enable store/get the sessionId into/from http headers
SessionNameInHttpHeader
string
EnableSidInUrlQuery
bool
// enable get the sessionId from Url Query params
...
...
@@ -226,6 +227,7 @@ func newBConfig() *Config {
SessionName
:
"beegosessionID"
,
SessionGCMaxLifetime
:
3600
,
SessionProviderConfig
:
""
,
SessionDisableHTTPOnly
:
false
,
SessionCookieLifeTime
:
0
,
//set cookie default is the browser life
SessionAutoSetCookie
:
true
,
SessionDomain
:
""
,
...
...
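Review bot: The trailing comment on the new SessionDisableHTTPOnly field (first hunk) names the use case but not the trade-off, which is what an operator reading the config needs before flipping it. Suggest `SessionDisableHTTPOnly bool // true removes the HttpOnly flag from the session cookie so client-side script can read it; keep false unless cross-domain/JavaScript access is required`. The second hunk's default of false preserves the previous behaviour (HttpOnly always set) for existing deployments, which is the right default. Both SessionConfig and newBConfig continue outside the hunks.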
hooks.go
...
...
@@ -53,6 +53,7 @@ func registerSession() error {
conf
.
Secure
=
BConfig
.
Listen
.
EnableHTTPS
conf
.
CookieLifeTime
=
BConfig
.
WebConfig
.
Session
.
SessionCookieLifeTime
conf
.
ProviderConfig
=
filepath
.
ToSlash
(
BConfig
.
WebConfig
.
Session
.
SessionProviderConfig
)
conf
.
DisableHTTPOnly
=
BConfig
.
WebConfig
.
Session
.
SessionDisableHTTPOnly
conf
.
Domain
=
BConfig
.
WebConfig
.
Session
.
SessionDomain
conf
.
EnableSidInHttpHeader
=
BConfig
.
WebConfig
.
Session
.
EnableSidInHttpHeader
conf
.
SessionNameInHttpHeader
=
BConfig
.
WebConfig
.
Session
.
SessionNameInHttpHeader
...
...
session/session.go
...
...
@@ -86,6 +86,7 @@ type ManagerConfig struct {
EnableSetCookie
bool
`json:"enableSetCookie,omitempty"`
Gclifetime
int64
`json:"gclifetime"`
Maxlifetime
int64
`json:"maxLifetime"`
DisableHTTPOnly
bool
`json:"disableHTTPOnly"`
Secure
bool
`json:"secure"`
CookieLifeTime
int
`json:"cookieLifeTime"`
ProviderConfig
string
`json:"providerConfig"`
...
...
@@ -212,7 +213,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
Name
:
manager
.
config
.
CookieName
,
Value
:
url
.
QueryEscape
(
sid
),
Path
:
"/"
,
HttpOnly
:
true
,
HttpOnly
:
!
manager
.
config
.
DisableHTTPOnly
,
Secure
:
manager
.
isSecure
(
r
),
Domain
:
manager
.
config
.
Domain
,
}
...
...
@@ -251,7 +252,7 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
expiration
:=
time
.
Now
()
cookie
=
&
http
.
Cookie
{
Name
:
manager
.
config
.
CookieName
,
Path
:
"/"
,
HttpOnly
:
true
,
HttpOnly
:
!
manager
.
config
.
DisableHTTPOnly
,
Expires
:
expiration
,
MaxAge
:
-
1
}
...
...
@@ -285,7 +286,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
cookie
=
&
http
.
Cookie
{
Name
:
manager
.
config
.
CookieName
,
Value
:
url
.
QueryEscape
(
sid
),
Path
:
"/"
,
HttpOnly
:
true
,
HttpOnly
:
!
manager
.
config
.
DisableHTTPOnly
,
Secure
:
manager
.
isSecure
(
r
),
Domain
:
manager
.
config
.
Domain
,
}
...
...
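Review bot: The expression `!manager.config.DisableHTTPOnly` is now written out in three cookie literals (SessionStart, SessionDestroy, SessionRegenerateID), so any future change to how the flag is derived has to be made in three places, while the file already centralises the analogous Secure decision in `manager.isSecure(r)`. Suggest a one-line helper beside it, `func (manager *Manager) httpOnly() bool { return !manager.config.DisableHTTPOnly }`, and `HttpOnly: manager.httpOnly(),` at the three sites. The zero value of the new DisableHTTPOnly field keeps HttpOnly on, so existing ManagerConfig users are unaffected. Separately, the SessionDestroy cookie (third hunk) carries no Domain or Secure unlike the other two, so when config.Domain is set the browser may not match it to the original cookie and the session cookie may survive logout — pre-existing, but worth checking while these lines are touched. All three functions start and end outside their hunks.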