/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/
/* User Tracking Module (Was mod_cookies.c) * * *** IMPORTANT NOTE: This module is not designed to generate * *** cryptographically secure cookies. This means you should not * *** use cookies generated by this module for authentication purposes * * This Apache module is designed to track users paths through a site. * It uses the client-side state ("Cookie") protocol developed by Netscape. * It is known to work on most browsers. * * Each time a page is requested we look to see if the browser is sending * us a Cookie: header that we previously generated. * * If we don't find one then the user hasn't been to this site since * starting their browser or their browser doesn't support cookies. So * we generate a unique Cookie for the transaction and send it back to * the browser (via a "Set-Cookie" header) * Future requests from the same browser should keep the same Cookie line. * * By matching up all the requests with the same cookie you can * work out exactly what path a user took through your site. To log * the cookie use the " %{Cookie}n " directive in a custom access log; * * Example 1 : If you currently use the standard Log file format (CLF) * and use the command "TransferLog somefilename", add the line * LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n" * to your config file. * * Example 2 : If you used to use the old "CookieLog" directive, you * can emulate it by adding the following command to your config file * CustomLog filename "%{Cookie}n \"%r\" %t" * * Mark Cox, mjc@apache.org, 6 July 95 * * This file replaces mod_cookies.c
*/
typedefstruct { int enabled;
cookie_type_e style; constchar *cookie_name; constchar *cookie_domain; char *regexp_string; /* used to compile regexp; save for debugging */
ap_regex_t *regexp; /* used to find usertrack cookie in cookie header */ int is_secure; int is_httponly; constchar *samesite;
} cookie_dir_rec;
/* Make Cookie: Now we have to generate something that is going to be
* pretty unique. We can base it on the pid, time, hostip */
/* The goal is to end up with this regexp, * ^cookie_name=([^;,]+)|[;,][ \t]+cookie_name=([^;,]+) * with cookie_name obviously substituted either * with the real cookie name set by the user in httpd.conf, or with the
* default COOKIE_NAME. */
/* Anyway, we need to escape the cookie_name before pasting it * into the regex
*/ while (*sp) { if (!apr_isalnum(*sp)) {
++danger_chars;
}
++sp;
}
/* Do not run in subrequests */ if (!dcfg->enabled || r->main) { return DECLINED;
}
if ((cookie_header = apr_table_get(r->headers_in, "Cookie"))) { if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) { char *cookieval = NULL; int err = 0; /* Our regexp, * ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+) * only allows for $1 or $2 to be available. ($0 is always * filled with the entire matched expression, not just * the part in parentheses.) So just check for either one
* and assign to cookieval if present. */ if (regm[1].rm_so != -1) {
cookieval = ap_pregsub(r->pool, "$1", cookie_header,
NUM_SUBS, regm); if (cookieval == NULL)
err = 1;
} if (regm[2].rm_so != -1) {
cookieval = ap_pregsub(r->pool, "$2", cookie_header,
NUM_SUBS, regm); if (cookieval == NULL)
err = 1;
} if (err) {
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01499) "Failed to extract cookie value (out of mem?)"); return HTTP_INTERNAL_SERVER_ERROR;
} /* Set the cookie in a note, for logging */
apr_table_setn(r->notes, "cookie", cookieval);
return DECLINED; /* There's already a cookie, no new one */
}
}
make_cookie(r); return OK; /* We set our cookie */
}
/* In case the user does not use the CookieName directive,
* we need to compile the regexp for the default cookie name. */
set_and_comp_regexp(dcfg, p, COOKIE_NAME);
if (dcfg->regexp == NULL) { return"Regular expression could not be compiled.";
} if (dcfg->regexp->re_nsub + 1 != NUM_SUBS) { return apr_pstrcat(cmd->pool, "Invalid cookie name \"",
name, "\"", NULL);
}
return NULL;
}
/* * Set the value for the 'Domain=' attribute.
*/ staticconstchar *set_cookie_domain(cmd_parms *cmd, void *mconfig, constchar *name)
{
cookie_dir_rec *dcfg;
dcfg = (cookie_dir_rec *) mconfig;
/* * Apply the restrictions on cookie domain attributes.
*/ if (!name[0]) { return"CookieDomain values may not be null";
} if (name[0] != '.') { return"CookieDomain values must begin with a dot";
} if (ap_strchr_c(&name[1], '.') == NULL) { return"CookieDomain values must contain at least one embedded dot";
}
dcfg->cookie_domain = name; return NULL;
}
/* * Make a note of the cookie style we should use.
*/ staticconstchar *set_cookie_style(cmd_parms *cmd, void *mconfig, constchar *name)
{
cookie_dir_rec *dcfg;
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
