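--- a/authentication.hpp
+++ b/authentication.hpp
@@ -1,8 +1,8 @@
 #pragma once
 
 #include "common.hpp"
 #include "forward_unauthorized.hpp"
 #include "http_request.hpp"
 #include "http_response.hpp"
 #include "http_utility.hpp"
 #include "pam_authenticate.hpp"
@@ -194,22 +194,24 @@
 // set cookie only if this is req from the browser.
 if (reqHeader["User-Agent"].empty())
 {
 BMCWEB_LOG_DEBUG << " TLS session: " << sp->uniqueId
 << " will be used for this request.";
 return sp;
 }
 // TODO: change this to not switch to cookie auth
-res.addHeader("Set-Cookie",
+res.addHeader(boost::beast::http::field::set_cookie,
 "XSRF-TOKEN=" + sp->csrfToken +
-"; SameSite=Strict; Secure\r\nSet-Cookie: SESSION=" +
-sp->sessionToken +
-"; SameSite=Strict; Secure; HttpOnly\r\nSet-Cookie: "
-"IsAuthenticated=true; Secure");
+"; SameSite=Strict; Secure");
+res.addHeader(boost::beast::http::field::set_cookie,
+"SESSION=" + sp->sessionToken +
+"; SameSite=Strict; Secure; HttpOnly");
+res.addHeader(boost::beast::http::field::set_cookie,
+"IsAuthenticated=true; Secure");
 BMCWEB_LOG_DEBUG << " TLS session: " << sp->uniqueId
 << " with cookie will be used for this request.";
 return sp;
 }
 return nullptr;
 }
 #endif
 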
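Review bot: The three `res.addHeader(boost::beast::http::field::set_cookie, …)` calls at new lines 202-209 only deliver three cookies if `addHeader` appends. It is defined outside this view; if it forwards to Beast's `set()` rather than `insert()`, each call would replace the previous `Set-Cookie` field, and the browser would receive `IsAuthenticated` but neither `SESSION` nor `XSRF-TOKEN`. Please confirm which it is, and consider a test that counts the `Set-Cookie` fields on the response. `IsAuthenticated` is also the only cookie of the three without a `SameSite` attribute; unless that is intentional, make it `"IsAuthenticated=true; SameSite=Strict; Secure"` to match the others. The enclosing function begins in the hidden lines above line 194, so how `sp` and `reqHeader` are obtained cannot be checked from here.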