xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 09:32:21 +00:00
Code Issues Projects Releases Wiki Activity

Allow session id through header

Browse Source 
This permits a client to exert finer grained control
over the session id
than provided by cookie.
This commit is contained in:
Jarrod Johnson 2023-06-08 11:30:32 -04:00
parent 68f9688292
commit 75f0aaeee9
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
confluent_server/confluent/httpapi.py
View File

@ -288,12 +288,16 @@ def _authorize_request(env, operation, reqbody):
authdata = auth.authorize(name, element=element, operation=operation)
else:
element = None
if (not authdata) and 'HTTP_COOKIE' in env:
cidx = (env['HTTP_COOKIE']).find('confluentsessionid=')
if cidx >= 0:
sessionid = env['HTTP_COOKIE'][cidx+19:cidx+51]
sessid = sessionid
if not authdata:
if 'HTTP_CONFLUENTSESSION' in env:
sessionid = env['HTTP_CONFLUENTSESSION']
sessid = sessionid
elif 'HTTP_COOKIE' in env:
cidx = (env['HTTP_COOKIE']).find('confluentsessionid=')
if cidx >= 0:
sessionid = env['HTTP_COOKIE'][cidx+19:cidx+51]
sessid = sessionid
if sessionid:
if sessionid in httpsessions:
if _csrf_valid(env, httpsessions[sessionid]):
if env['PATH_INFO'] == '/sessions/current/logout':