Fossil SCM
Corrected some no-longer-true docs about the login cookie.
Commit
3989c385ef8a99aac29c6defa29c52401f19f1fa71b67c242b4f1eee2abcbb08
Parent
5c84a729077d9e0…
1 file changed
+6
-8
+6
-8
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -262,27 +262,25 @@ | ||
| 262 | 262 | ** |
| 263 | 263 | ** If zDest is not NULL then the generated cookie is copied to |
| 264 | 264 | ** *zDdest and ownership is transfered to the caller (who should |
| 265 | 265 | ** eventually pass it to free()). |
| 266 | 266 | ** |
| 267 | -** If bSessionCookie is true, the cookie will be a session cookie | |
| 268 | -** and the [user].[cexpire] and [user].[cookie] entries will not be | |
| 269 | -** modified. | |
| 267 | +** If bSessionCookie is true, the cookie will be a session cookie, | |
| 268 | +** else a persistent cookie. If it's a session cookie, the | |
| 269 | +** [user].[cexpire] and [user].[cookie] entries will be modified as if | |
| 270 | +** it were a persistent cookie because doing so is necessary for | |
| 271 | +** fossil's own "is this cookie still valid?" checks to work. | |
| 270 | 272 | */ |
| 271 | 273 | void login_set_user_cookie( |
| 272 | 274 | const char *zUsername, /* User's name */ |
| 273 | 275 | int uid, /* User's ID */ |
| 274 | 276 | char **zDest, /* Optional: store generated cookie value. */ |
| 275 | 277 | int bSessionCookie /* True for session-only cookie */ |
| 276 | 278 | ){ |
| 277 | 279 | const char *zCookieName = login_cookie_name(); |
| 278 | 280 | const char *zExpire = db_get("cookie-expire","8766"); |
| 279 | - const int expires = atoi(zExpire)*3600 | |
| 280 | - /* the expiry time for session cookies is a bit of a hack. If we | |
| 281 | - don't update user.cexpire for session-only cookies then | |
| 282 | - session-only logins for non-anonymous users do not survive past | |
| 283 | - the login step. */; | |
| 281 | + const int expires = atoi(zExpire)*3600; | |
| 284 | 282 | char *zHash = 0; |
| 285 | 283 | char *zCookie; |
| 286 | 284 | const char *zIpAddr = PD("REMOTE_ADDR","nil"); /* IP address of user */ |
| 287 | 285 | |
| 288 | 286 | assert((zUsername && *zUsername) && (uid > 0) && "Invalid user data."); |
| 289 | 287 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -262,27 +262,25 @@ | |
| 262 | ** |
| 263 | ** If zDest is not NULL then the generated cookie is copied to |
| 264 | ** *zDdest and ownership is transfered to the caller (who should |
| 265 | ** eventually pass it to free()). |
| 266 | ** |
| 267 | ** If bSessionCookie is true, the cookie will be a session cookie |
| 268 | ** and the [user].[cexpire] and [user].[cookie] entries will not be |
| 269 | ** modified. |
| 270 | */ |
| 271 | void login_set_user_cookie( |
| 272 | const char *zUsername, /* User's name */ |
| 273 | int uid, /* User's ID */ |
| 274 | char **zDest, /* Optional: store generated cookie value. */ |
| 275 | int bSessionCookie /* True for session-only cookie */ |
| 276 | ){ |
| 277 | const char *zCookieName = login_cookie_name(); |
| 278 | const char *zExpire = db_get("cookie-expire","8766"); |
| 279 | const int expires = atoi(zExpire)*3600 |
| 280 | /* the expiry time for session cookies is a bit of a hack. If we |
| 281 | don't update user.cexpire for session-only cookies then |
| 282 | session-only logins for non-anonymous users do not survive past |
| 283 | the login step. */; |
| 284 | char *zHash = 0; |
| 285 | char *zCookie; |
| 286 | const char *zIpAddr = PD("REMOTE_ADDR","nil"); /* IP address of user */ |
| 287 | |
| 288 | assert((zUsername && *zUsername) && (uid > 0) && "Invalid user data."); |
| 289 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -262,27 +262,25 @@ | |
| 262 | ** |
| 263 | ** If zDest is not NULL then the generated cookie is copied to |
| 264 | ** *zDdest and ownership is transfered to the caller (who should |
| 265 | ** eventually pass it to free()). |
| 266 | ** |
| 267 | ** If bSessionCookie is true, the cookie will be a session cookie, |
| 268 | ** else a persistent cookie. If it's a session cookie, the |
| 269 | ** [user].[cexpire] and [user].[cookie] entries will be modified as if |
| 270 | ** it were a persistent cookie because doing so is necessary for |
| 271 | ** fossil's own "is this cookie still valid?" checks to work. |
| 272 | */ |
| 273 | void login_set_user_cookie( |
| 274 | const char *zUsername, /* User's name */ |
| 275 | int uid, /* User's ID */ |
| 276 | char **zDest, /* Optional: store generated cookie value. */ |
| 277 | int bSessionCookie /* True for session-only cookie */ |
| 278 | ){ |
| 279 | const char *zCookieName = login_cookie_name(); |
| 280 | const char *zExpire = db_get("cookie-expire","8766"); |
| 281 | const int expires = atoi(zExpire)*3600; |
| 282 | char *zHash = 0; |
| 283 | char *zCookie; |
| 284 | const char *zIpAddr = PD("REMOTE_ADDR","nil"); /* IP address of user */ |
| 285 | |
| 286 | assert((zUsername && *zUsername) && (uid > 0) && "Invalid user data."); |
| 287 |