Use separate cookies for HTTP and HTTPS connections

cesanta · Nov 12, 2024 · b973187 · b973187
1 parent 991080e
commit b973187
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 16 deletions.
diff --git a/examples/device-dashboard/net.c b/examples/device-dashboard/net.c
@@ -77,19 +77,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
 
 static void handle_login(struct mg_connection *c, struct user *u) {
   char cookie[256];
+  const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
   mg_snprintf(cookie, sizeof(cookie),
-              "Set-Cookie: access_token=%s; Path=/; "
+              "Set-Cookie: %s=%s; Path=/; "
               "%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
-              u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
+              cookie_name, u->access_token,
+              c->is_tls ? "Secure; " : "", 3600 * 24);
   mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 
 static void handle_logout(struct mg_connection *c) {
   char cookie[256];
+  const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
   mg_snprintf(cookie, sizeof(cookie),
-              "Set-Cookie: access_token=; Path=/; "
+              "Set-Cookie: %s=; Path=/; "
               "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
-              "%sHttpOnly; Max-Age=0; \r\n",
+              "%sHttpOnly; Max-Age=0; \r\n", cookie_name,
               c->is_tls ? "Secure; " : "");
   mg_http_reply(c, 200, cookie, "true\n");
 }

diff --git a/examples/wifi-router-dashboard/net.c b/examples/wifi-router-dashboard/net.c
@@ -156,19 +156,23 @@ static struct user *authenticate(struct mg_http_message *hm) {
 
 static void handle_login(struct mg_connection *c, struct user *u) {
   char cookie[256];
+  const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
   mg_snprintf(cookie, sizeof(cookie),
-              "Set-Cookie: access_token=%s;Path=/;"
-              "HttpOnly;SameSite=Lax;Max-Age=%d\r\n",
-              u->access_token, 3600 * 24);
+              "Set-Cookie: %s=%s;Path=/;"
+              "%sHttpOnly;SameSite=Lax;Max-Age=%d\r\n", cookie_name,
+              u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
   mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 
 static void handle_logout(struct mg_connection *c) {
-  mg_http_reply(c, 200,
-                "Set-Cookie: access_token=; Path=/; "
-                "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
-                "Secure; HttpOnly; Max-Age=0; \r\n",
-                "true\n");
+  char cookie[256];
+  const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
+  mg_snprintf(cookie, sizeof(cookie),
+              "Set-Cookie: %s=; Path=/; "
+              "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
+              "%sHttpOnly; Max-Age=0; \r\n", cookie_name,
+              c->is_tls ? "Secure; " : "");
+  mg_http_reply(c, 200, cookie, "true\n");
 }
 
 static void handle_debug(struct mg_connection *c, struct mg_http_message *hm) {

diff --git a/reference-projects/windows-macos-linux/web-ui-dashboard/net.c b/reference-projects/windows-macos-linux/web-ui-dashboard/net.c
@@ -78,19 +78,22 @@ static struct user *authenticate(struct mg_http_message *hm) {
 
 static void handle_login(struct mg_connection *c, struct user *u) {
   char cookie[256];
+  const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
   mg_snprintf(cookie, sizeof(cookie),
-              "Set-Cookie: access_token=%s; Path=/; "
+              "Set-Cookie: %s=%s; Path=/; "
               "%sHttpOnly; SameSite=Lax; Max-Age=%d\r\n",
-              u->access_token, c->is_tls ? "Secure; " : "", 3600 * 24);
+              cookie_name, u->access_token,
+              c->is_tls ? "Secure; " : "", 3600 * 24);
   mg_http_reply(c, 200, cookie, "{%m:%m}", MG_ESC("user"), MG_ESC(u->name));
 }
 
 static void handle_logout(struct mg_connection *c) {
   char cookie[256];
+  const char *cookie_name = c->is_tls ? "secure_access_token" : "access_token";
   mg_snprintf(cookie, sizeof(cookie),
-              "Set-Cookie: access_token=; Path=/; "
+              "Set-Cookie: %s=; Path=/; "
               "Expires=Thu, 01 Jan 1970 00:00:00 UTC; "
-              "%sHttpOnly; Max-Age=0; \r\n",
+              "%sHttpOnly; Max-Age=0; \r\n", cookie_name,
               c->is_tls ? "Secure; " : "");
   mg_http_reply(c, 200, cookie, "true\n");
 }