mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-25 19:10:10 +00:00
Allow session id through header
This permits a client to exert finer grained control over the session id than provided by cookie.
This commit is contained in:
parent
68f9688292
commit
75f0aaeee9
@ -288,12 +288,16 @@ def _authorize_request(env, operation, reqbody):
|
||||
authdata = auth.authorize(name, element=element, operation=operation)
|
||||
else:
|
||||
element = None
|
||||
if (not authdata) and 'HTTP_COOKIE' in env:
|
||||
cidx = (env['HTTP_COOKIE']).find('confluentsessionid=')
|
||||
if cidx >= 0:
|
||||
sessionid = env['HTTP_COOKIE'][cidx+19:cidx+51]
|
||||
sessid = sessionid
|
||||
if not authdata:
|
||||
if 'HTTP_CONFLUENTSESSION' in env:
|
||||
sessionid = env['HTTP_CONFLUENTSESSION']
|
||||
sessid = sessionid
|
||||
elif 'HTTP_COOKIE' in env:
|
||||
cidx = (env['HTTP_COOKIE']).find('confluentsessionid=')
|
||||
if cidx >= 0:
|
||||
sessionid = env['HTTP_COOKIE'][cidx+19:cidx+51]
|
||||
sessid = sessionid
|
||||
if sessionid:
|
||||
if sessionid in httpsessions:
|
||||
if _csrf_valid(env, httpsessions[sessionid]):
|
||||
if env['PATH_INFO'] == '/sessions/current/logout':
|
||||
|
Loading…
Reference in New Issue
Block a user