Make the banner cookie HTTPS only

Jamie Cameron
2025-04-29 10:37:38 -07:00
parent 5e00b93b5c
commit 910d011edd


@@ -9,10 +9,18 @@ $pragma_no_cache = 1;
#$ENV{'MINISERV_INTERNAL'} || die "Can only be called by miniserv.pl";
&init_config();
&ReadParse(undef, undef, undef, 2);
# If accessed via HTTPS, make this an SSL-only cookie
&get_miniserv_config(\%miniserv);
$sec = uc($ENV{'HTTPS'}) eq 'ON' ? "; secure" : "";
if (!$miniserv{'no_httponly'}) {
$sec .= "; httpOnly";
}
if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
!$in{'logout'} && !$in{'failed'} && !$in{'timed_out'}) {
# Show pre-login HTML page
print "Set-Cookie: banner=1; path=/\r\n";
print "Set-Cookie: banner=1; path=/".$sec."\r\n";
&PrintHeader();
$url = $in{'page'};
open(BANNER, "<$gconfig{'loginbanner'}");
@@ -23,15 +31,10 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
close(BANNER);
return;
}
&get_miniserv_config(\%miniserv);
$sec = uc($ENV{'HTTPS'}) eq 'ON' ? "; secure" : "";
if (!$miniserv{'no_httponly'}) {
$sec .= "; httpOnly";
}
$sidname = $miniserv{'sidname'} || "sid";
print "Set-Cookie: banner=0; path=/$sec\r\n" if ($gconfig{'loginbanner'});
print "Set-Cookie: $sidname=x; path=/$sec\r\n" if ($in{'logout'});
print "Set-Cookie: testing=1; path=/$sec\r\n";
print "Set-Cookie: banner=0; path=/".$sec."\r\n" if ($gconfig{'loginbanner'});
print "Set-Cookie: $sidname=x; path=/".$sec."\r\n" if ($in{'logout'});
print "Set-Cookie: testing=1; path=/".$sec."\r\n";
$title = $text{'session_header'};
if ($gconfig{'showhost'}) {
$title = &get_display_hostname()." : ".$title;
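Review bot: The `secure` attribute built at `$sec = uc($ENV{'HTTPS'}) eq 'ON' ? "; secure" : "";` depends only on `$ENV{'HTTPS'}`, so on any deployment where that variable is not `ON` for a TLS session (for example TLS terminated in front of this server, which is not visible here) the banner, `testing` and `$sidname` reset cookies are all issued without it. The moved comment also undersells the block now that `$sec` carries `httpOnly` as well and feeds every `Set-Cookie` below; I would reword it to `# Cookie attributes for all Set-Cookie headers below: secure on HTTPS, httpOnly unless no_httponly is set`. Separately, the context test `$ENV{'HTTP_COOKIE'} !~ /banner=1/` is unanchored, so a cookie such as `banner=10` or `xbanner=1` also suppresses the pre-login page; `!~ /(?:^|;\s*)banner=1(?:;|$)/` would match only the intended cookie. The `if` blocks at the end of both hunks continue outside the visible lines.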