mirror of
https://github.com/kataras/iris.git
synced 2025-01-23 18:51:03 +01:00
change code duplication from update/delete cookie
Former-commit-id: 87980f8ca6dc61a4fc3d722b90967154a74afc91
This commit is contained in:
Chengyumeng
parent
8f32e991e8
commit
bb59ad8cf2
|
|
@ -52,37 +52,7 @@ func RemoveCookie(ctx context.Context, config Config) {
|
||||||
cookie.MaxAge = -1
|
cookie.MaxAge = -1
|
||||||
cookie.Value = ""
|
cookie.Value = ""
|
||||||
cookie.Path = "/"
|
cookie.Path = "/"
|
||||||
|
cookie.Domain = FormatCookieDomain(ctx, config.DisableSubdomainPersistence)
|
||||||
if !config.DisableSubdomainPersistence {
|
|
||||||
|
|
||||||
requestDomain := ctx.Host()
|
|
||||||
if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
|
|
||||||
requestDomain = requestDomain[0:portIdx]
|
|
||||||
}
|
|
||||||
if IsValidCookieDomain(requestDomain) {
|
|
||||||
|
|
||||||
// RFC2109, we allow level 1 subdomains, but no further
|
|
||||||
// if we have localhost.com , we want the localhost.cos.
|
|
||||||
// so if we have something like: mysubdomain.localhost.com we want the localhost here
|
|
||||||
// if we have mysubsubdomain.mysubdomain.localhost.com we want the .mysubdomain.localhost.com here
|
|
||||||
// slow things here, especially the 'replace' but this is a good and understable( I hope) way to get the be able to set cookies from subdomains & domain with 1-level limit
|
|
||||||
if dotIdx := strings.LastIndexByte(requestDomain, '.'); dotIdx > 0 {
|
|
||||||
// is mysubdomain.localhost.com || mysubsubdomain.mysubdomain.localhost.com
|
|
||||||
s := requestDomain[0:dotIdx] // set mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
|
|
||||||
if secondDotIdx := strings.LastIndexByte(s, '.'); secondDotIdx > 0 {
|
|
||||||
//is mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
|
|
||||||
s = s[secondDotIdx+1:] // set to localhost || mysubdomain.localhost
|
|
||||||
}
|
|
||||||
// replace the s with the requestDomain before the domain's siffux
|
|
||||||
subdomainSuff := strings.LastIndexByte(requestDomain, '.')
|
|
||||||
if subdomainSuff > len(s) { // if it is actual exists as subdomain suffix
|
|
||||||
requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
|
|
||||||
cookie.Domain = "." + requestDomain // . to allow persistence
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
AddCookie(ctx, cookie, config.AllowReclaim)
|
AddCookie(ctx, cookie, config.AllowReclaim)
|
||||||
|
|
||||||
|
|
@ -121,3 +91,37 @@ func IsValidCookieDomain(domain string) bool {
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func FormatCookieDomain(ctx context.Context, DisableSubdomainPersistence bool) string {
|
||||||
|
if !DisableSubdomainPersistence {
|
||||||
|
|
||||||
|
requestDomain := ctx.Host()
|
||||||
|
if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
|
||||||
|
requestDomain = requestDomain[0:portIdx]
|
||||||
|
}
|
||||||
|
if IsValidCookieDomain(requestDomain) {
|
||||||
|
|
||||||
|
// RFC2109, we allow level 1 subdomains, but no further
|
||||||
|
// if we have localhost.com , we want the localhost.cos.
|
||||||
|
// so if we have something like: mysubdomain.localhost.com we want the localhost here
|
||||||
|
// if we have mysubsubdomain.mysubdomain.localhost.com we want the .mysubdomain.localhost.com here
|
||||||
|
// slow things here, especially the 'replace' but this is a good and understable( I hope) way to get the be able to set cookies from subdomains & domain with 1-level limit
|
||||||
|
if dotIdx := strings.LastIndexByte(requestDomain, '.'); dotIdx > 0 {
|
||||||
|
// is mysubdomain.localhost.com || mysubsubdomain.mysubdomain.localhost.com
|
||||||
|
s := requestDomain[0:dotIdx] // set mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
|
||||||
|
if secondDotIdx := strings.LastIndexByte(s, '.'); secondDotIdx > 0 {
|
||||||
|
//is mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
|
||||||
|
s = s[secondDotIdx+1:] // set to localhost || mysubdomain.localhost
|
||||||
|
}
|
||||||
|
// replace the s with the requestDomain before the domain's siffux
|
||||||
|
subdomainSuff := strings.LastIndexByte(requestDomain, '.')
|
||||||
|
if subdomainSuff > len(s) { // if it is actual exists as subdomain suffix
|
||||||
|
requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
|
||||||
|
return "." + requestDomain // . to allow persistence
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@ package sessions
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/kataras/iris/context"
|
"github.com/kataras/iris/context"
|
||||||
|
|
@ -44,37 +43,7 @@ func (s *Sessions) updateCookie(ctx context.Context, sid string, expires time.Du
|
||||||
|
|
||||||
cookie.Value = sid
|
cookie.Value = sid
|
||||||
cookie.Path = "/"
|
cookie.Path = "/"
|
||||||
if !s.config.DisableSubdomainPersistence {
|
cookie.Domain = FormatCookieDomain(ctx, s.config.DisableSubdomainPersistence)
|
||||||
|
|
||||||
requestDomain := ctx.Host()
|
|
||||||
if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
|
|
||||||
requestDomain = requestDomain[0:portIdx]
|
|
||||||
}
|
|
||||||
if IsValidCookieDomain(requestDomain) {
|
|
||||||
|
|
||||||
// RFC2109, we allow level 1 subdomains, but no further
|
|
||||||
// if we have localhost.com , we want the localhost.cos.
|
|
||||||
// so if we have something like: mysubdomain.localhost.com we want the localhost here
|
|
||||||
// if we have mysubsubdomain.mysubdomain.localhost.com we want the .mysubdomain.localhost.com here
|
|
||||||
// slow things here, especially the 'replace' but this is a good and understable( I hope) way to get the be able to set cookies from subdomains & domain with 1-level limit
|
|
||||||
if dotIdx := strings.LastIndexByte(requestDomain, '.'); dotIdx > 0 {
|
|
||||||
// is mysubdomain.localhost.com || mysubsubdomain.mysubdomain.localhost.com
|
|
||||||
s := requestDomain[0:dotIdx] // set mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
|
|
||||||
if secondDotIdx := strings.LastIndexByte(s, '.'); secondDotIdx > 0 {
|
|
||||||
//is mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost
|
|
||||||
s = s[secondDotIdx+1:] // set to localhost || mysubdomain.localhost
|
|
||||||
}
|
|
||||||
// replace the s with the requestDomain before the domain's siffux
|
|
||||||
subdomainSuff := strings.LastIndexByte(requestDomain, '.')
|
|
||||||
if subdomainSuff > len(s) { // if it is actual exists as subdomain suffix
|
|
||||||
requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)
|
|
||||||
cookie.Domain = "." + requestDomain // . to allow persistence
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
cookie.HttpOnly = true
|
cookie.HttpOnly = true
|
||||||
// MaxAge=0 means no 'Max-Age' attribute specified.
|
// MaxAge=0 means no 'Max-Age' attribute specified.
|
||||||
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
|
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user