From 3c05eafbc415af73e356b14595880619a408bd83 Mon Sep 17 00:00:00 2001
From: GrimTheReaper
Date: Mon, 10 Oct 2016 09:50:34 -0500
Subject: [PATCH 1/3] HTTP Only Configurable
---
 admin_test.go | 1 +
 config.go | 2 ++
 hooks.go | 1 +
 session/session.go | 7 ++++---
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/admin_test.go b/admin_test.go
index 0bf985f2..1509268f 100644
--- a/admin_test.go
+++ b/admin_test.go
@@ -65,6 +65,7 @@ func oldMap() map[string]interface{} {
 m["BConfig.WebConfig.Session.SessionCookieLifeTime"] = BConfig.WebConfig.Session.SessionCookieLifeTime
 m["BConfig.WebConfig.Session.SessionAutoSetCookie"] = BConfig.WebConfig.Session.SessionAutoSetCookie
 m["BConfig.WebConfig.Session.SessionDomain"] = BConfig.WebConfig.Session.SessionDomain
+ m["BConfig.WebConfig.Session.DisableHTTPOnly"] = BConfig.WebConfig.Session.DisableHTTPOnly
 m["BConfig.Log.AccessLogs"] = BConfig.Log.AccessLogs
 m["BConfig.Log.FileLineNum"] = BConfig.Log.FileLineNum
 m["BConfig.Log.Outputs"] = BConfig.Log.Outputs
diff --git a/config.go b/config.go
index 3cf89583..a60c9395 100644
--- a/config.go
+++ b/config.go
@@ -94,6 +94,7 @@ type SessionConfig struct {
 SessionCookieLifeTime int
 SessionAutoSetCookie bool
 SessionDomain string
+ DisableHTTPOnly bool // used to allow for cross domain cookies/javascript cookies.
 EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
 SessionNameInHttpHeader string
 EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
@@ -226,6 +227,7 @@ func newBConfig() *Config {
 SessionName: "beegosessionID",
 SessionGCMaxLifetime: 3600,
 SessionProviderConfig: "",
+ DisableHTTPOnly: false,
 SessionCookieLifeTime: 0, //set cookie default is the browser life
 SessionAutoSetCookie: true,
 SessionDomain: "",
diff --git a/hooks.go b/hooks.go
index 0c7d05fe..3beffb55 100644
--- a/hooks.go
+++ b/hooks.go
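Review bot: The comment on the new `DisableHTTPOnly` field in the SessionConfig hunk, `// used to allow for cross domain cookies/javascript cookies.`, describes the wrong mechanism: the HttpOnly attribute only decides whether page script can read the cookie, while cross-domain scope is set by the separate `SessionDomain` field, which this flag does not touch. Because clearing HttpOnly makes the session ID readable by any script that runs in the page, the comment should name that trade-off, e.g. `// DisableHTTPOnly drops the HttpOnly attribute from the session cookie so that client-side JavaScript can read it; this exposes the session ID to any script running on the page, so keep it false unless script access is required.` The explicit `DisableHTTPOnly: false` in the newBConfig hunk is redundant with the zero value, but it documents that HttpOnly stays on by default, which is the right default and matches the neighbouring entries.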
@@ -53,6 +53,7 @@ func registerSession() error {
 conf.Secure = BConfig.Listen.EnableHTTPS
 conf.CookieLifeTime = BConfig.WebConfig.Session.SessionCookieLifeTime
 conf.ProviderConfig = filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig)
+ conf.DisableHTTPOnly = BConfig.WebConfig.Session.DisableHTTPOnly
 conf.Domain = BConfig.WebConfig.Session.SessionDomain
 conf.EnableSidInHttpHeader = BConfig.WebConfig.Session.EnableSidInHttpHeader
 conf.SessionNameInHttpHeader = BConfig.WebConfig.Session.SessionNameInHttpHeader
diff --git a/session/session.go b/session/session.go
index 3c9d07ab..9df468ba 100644
--- a/session/session.go
+++ b/session/session.go
@@ -86,6 +86,7 @@ type ManagerConfig struct {
 EnableSetCookie bool `json:"enableSetCookie,omitempty"`
 Gclifetime int64 `json:"gclifetime"`
 Maxlifetime int64 `json:"maxLifetime"`
+ DisableHTTPOnly bool `json:"disableHTTPOnly"`
 Secure bool `json:"secure"`
 CookieLifeTime int `json:"cookieLifeTime"`
 ProviderConfig string `json:"providerConfig"`
@@ -212,7 +213,7 @@ func (manager *Manager) SessionStart(w http.ResponseWriter, r *http.Request) (se
 Name: manager.config.CookieName,
 Value: url.QueryEscape(sid),
 Path: "/",
- HttpOnly: true,
+ HttpOnly: !manager.config.DisableHTTPOnly,
 Secure: manager.isSecure(r),
 Domain: manager.config.Domain,
 }
@@ -251,7 +252,7 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 expiration := time.Now()
 cookie = &http.Cookie{Name: manager.config.CookieName,
 Path: "/",
- HttpOnly: true,
+ HttpOnly: !manager.config.DisableHTTPOnly,
 Expires: expiration,
 MaxAge: -1}
@@ -285,7 +286,7 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 cookie = &http.Cookie{Name: manager.config.CookieName,
 Value: url.QueryEscape(sid),
 Path: "/",
- HttpOnly: true,
+ HttpOnly: !manager.config.DisableHTTPOnly,
 Secure: manager.isSecure(r),
 Domain: manager.config.Domain,
 }
From 33f7f4667009dd1e4c7059b757f6b6b1985fa2ce Mon Sep 17 00:00:00 2001
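Review bot: The new `DisableHTTPOnly` field in the ManagerConfig hunk of session/session.go carries a json tag but no doc comment, so anyone populating the config from JSON gets no hint that `"disableHTTPOnly": true` strips the HttpOnly attribute and lets page script read the session ID. Suggest `// DisableHTTPOnly, when true, omits the HttpOnly attribute from the session cookie so client-side script can read it; the zero value keeps HttpOnly set.` above the field. The negative name is the right choice here, since the zero value keeps the stronger setting and existing configs are unaffected. The same `!manager.config.DisableHTTPOnly` expression is repeated in the SessionStart, SessionDestroy and SessionRegenerateID hunks; a small unexported accessor on Manager returning that bool would keep the three sites from drifting, though that is optional. Each of those three methods begins and ends outside its hunk.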
From: GrimTheReaper
Date: Tue, 11 Oct 2016 10:49:19 -0500
Subject: [PATCH 2/3] Updated the name
---
 admin_test.go | 2 +-
 config.go | 4 ++--
 hooks.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/admin_test.go b/admin_test.go
index 1509268f..4b3656a8 100644
--- a/admin_test.go
+++ b/admin_test.go
@@ -65,7 +65,7 @@ func oldMap() map[string]interface{} {
 m["BConfig.WebConfig.Session.SessionCookieLifeTime"] = BConfig.WebConfig.Session.SessionCookieLifeTime
 m["BConfig.WebConfig.Session.SessionAutoSetCookie"] = BConfig.WebConfig.Session.SessionAutoSetCookie
 m["BConfig.WebConfig.Session.SessionDomain"] = BConfig.WebConfig.Session.SessionDomain
- m["BConfig.WebConfig.Session.DisableHTTPOnly"] = BConfig.WebConfig.Session.DisableHTTPOnly
+ m["BConfig.WebConfig.Session.DisableHTTPOnly"] = BConfig.WebConfig.Session.SessionDisableHTTPOnly
 m["BConfig.Log.AccessLogs"] = BConfig.Log.AccessLogs
 m["BConfig.Log.FileLineNum"] = BConfig.Log.FileLineNum
 m["BConfig.Log.Outputs"] = BConfig.Log.Outputs
diff --git a/config.go b/config.go
index a60c9395..25b8dec6 100644
--- a/config.go
+++ b/config.go
@@ -94,7 +94,7 @@ type SessionConfig struct {
 SessionCookieLifeTime int
 SessionAutoSetCookie bool
 SessionDomain string
- DisableHTTPOnly bool // used to allow for cross domain cookies/javascript cookies.
+ SessionDisableHTTPOnly bool // used to allow for cross domain cookies/javascript cookies.
 EnableSidInHttpHeader bool // enable store/get the sessionId into/from http headers
 SessionNameInHttpHeader string
 EnableSidInUrlQuery bool // enable get the sessionId from Url Query params
@@ -227,7 +227,7 @@ func newBConfig() *Config {
 SessionName: "beegosessionID",
 SessionGCMaxLifetime: 3600,
 SessionProviderConfig: "",
- DisableHTTPOnly: false,
+ SessionDisableHTTPOnly: false,
 SessionCookieLifeTime: 0, //set cookie default is the browser life
 SessionAutoSetCookie: true,
 SessionDomain: "",
diff --git a/hooks.go b/hooks.go
index 3beffb55..167a6306 100644
--- a/hooks.go
+++ b/hooks.go
@@ -53,7 +53,7 @@ func registerSession() error {
 conf.Secure = BConfig.Listen.EnableHTTPS
 conf.CookieLifeTime = BConfig.WebConfig.Session.SessionCookieLifeTime
 conf.ProviderConfig = filepath.ToSlash(BConfig.WebConfig.Session.SessionProviderConfig)
- conf.DisableHTTPOnly = BConfig.WebConfig.Session.DisableHTTPOnly
+ conf.DisableHTTPOnly = BConfig.WebConfig.Session.SessionDisableHTTPOnly
 conf.Domain = BConfig.WebConfig.Session.SessionDomain
 conf.EnableSidInHttpHeader = BConfig.WebConfig.Session.EnableSidInHttpHeader
 conf.SessionNameInHttpHeader = BConfig.WebConfig.Session.SessionNameInHttpHeader
From 5488a5bbd7a362d1eb27e12b518ba97fcd14e51c Mon Sep 17 00:00:00 2001
From: GrimTheReaper
Date: Tue, 11 Oct 2016 11:06:22 -0500
Subject: [PATCH 3/3] Forgot to fix it here
---
 admin_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/admin_test.go b/admin_test.go
index 4b3656a8..2348792e 100644
--- a/admin_test.go
+++ b/admin_test.go
@@ -65,7 +65,7 @@ func oldMap() map[string]interface{} {
 m["BConfig.WebConfig.Session.SessionCookieLifeTime"] = BConfig.WebConfig.Session.SessionCookieLifeTime
 m["BConfig.WebConfig.Session.SessionAutoSetCookie"] = BConfig.WebConfig.Session.SessionAutoSetCookie
 m["BConfig.WebConfig.Session.SessionDomain"] = BConfig.WebConfig.Session.SessionDomain
- m["BConfig.WebConfig.Session.DisableHTTPOnly"] = BConfig.WebConfig.Session.SessionDisableHTTPOnly
+ m["BConfig.WebConfig.Session.SessionDisableHTTPOnly"] = BConfig.WebConfig.Session.SessionDisableHTTPOnly
 m["BConfig.Log.AccessLogs"] = BConfig.Log.AccessLogs
 m["BConfig.Log.FileLineNum"] = BConfig.Log.FileLineNum
 m["BConfig.Log.Outputs"] = BConfig.Log.Outputs