X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;f=modules%2Fluci-base%2Fluasrc%2Fdispatcher.lua;h=8b8d1fa3499cf03ce6c2542b67844bf39527bfff;hb=4ab6dcea9b7111a23ac6c3bc8d14cfb93a7a52ff;hp=f92af528e1a4af362c261baf066c03ba1e58f639;hpb=ec90cd69ed80ea4dfe8a9d44a42b155470c47b6b;p=project%2Fluci.git diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index f92af528e..8b8d1fa34 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -114,7 +114,14 @@ function authenticator.htmlauth(validator, accs, default) if context.urltoken.stok then context.urltoken.stok = nil - http.header("Set-Cookie", "sysauth=; path="..build_url()) + + local cookie = 'sysauth=%s; expires=%s; path=%s/' %{ + http.getcookie('sysauth') or 'x', + 'Thu, 01 Jan 1970 01:00:00 GMT', + build_url() + } + + http.header("Set-Cookie", cookie) http.redirect(build_url()) else require("luci.i18n") @@ -329,13 +336,14 @@ function dispatch(request) if not util.contains(accs, user) then if authen then local user, sess = authen(sys.user.checkpasswd, accs, def) + local token if not user or not util.contains(accs, user) then return else if not sess then local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) }) if sdat then - local token = sys.uniqueid(16) + token = sys.uniqueid(16) util.ubus("session", "set", { ubus_rpc_session = sdat.ubus_rpc_session, values = { @@ -345,15 +353,19 @@ function dispatch(request) } }) sess = sdat.ubus_rpc_session - ctx.urltoken.stok = token end end - if sess then - http.header("Set-Cookie", "sysauth=" .. sess.."; path="..build_url()) - http.redirect(build_url(unpack(ctx.requestpath))) + if sess and token then + http.header("Set-Cookie", 'sysauth=%s; path=%s/' %{ + sess, build_url() + }) + + ctx.urltoken.stok = token ctx.authsession = sess ctx.authuser = user + + http.redirect(build_url(unpack(ctx.requestpath))) end end else