Item14301: Implement ConfigurableCookieNamesAndPaths

Experimental item branch - until proposal is approved.
foswiki · Jan 24, 2017 · 7c91e29 · 7c91e29
1 parent b5be818
commit 7c91e29
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 7 deletions.
diff --git a/JQueryPlugin/lib/Foswiki/Plugins/JQueryPlugin/FOSWIKI.pm b/JQueryPlugin/lib/Foswiki/Plugins/JQueryPlugin/FOSWIKI.pm
@@ -98,6 +98,13 @@ sub init {
     if ( defined $Foswiki::cfg{Sessions}{CookieRealm} ) {
         $prefs{"COOKIEREALM"} = $Foswiki::cfg{Sessions}{CookieRealm};
     }
+    if ( defined $Foswiki::cfg{Sessions}{CookiePath} ) {
+        $prefs{"COOKIEPATH"} = $Foswiki::cfg{Sessions}{CookiePath} || '/';
+    }
+    if ( defined $Foswiki::cfg{Sessions}{CookieNamePrefix} ) {
+        $prefs{"COOKIENAMEPREFIX"} = $Foswiki::cfg{Sessions}{CookieNamePrefix}
+          || '';
+    }
     $prefs{"URLHOST"} = Foswiki::Func::getUrlHost();
 
     my $text =

diff --git a/PatternSkin/pub/System/JavascriptFiles/foswikiPref_src.js b/PatternSkin/pub/System/JavascriptFiles/foswikiPref_src.js
@@ -259,15 +259,17 @@ foswiki.Pref = {
 	_writePrefValues:function(inValues) {
 		var cookieString = (inValues != null)
         ? inValues.join(foswiki.Pref.COOKIE_PREF_SEPARATOR) : '';
+        var cookieName = foswiki.getPreference('COOKIENAMEPREFIX') + foswiki.Pref.FOSWIKI_PREF_COOKIE_NAME;
 		var expiryDate = new Date ();
+        var cookiePath   = foswiki.getPreference('COOKIEPATH');
         var cookieDomain = foswiki.getPreference('COOKIEREALM');
         var cookieSecure = foswiki.getPreference('URLHOST').startsWith("https://");
         // Correct for Mac date bug - call only once for given Date object!
 		foswiki.Pref._fixCookieDate (expiryDate);
 		expiryDate.setTime (expiryDate.getTime()
                             + foswiki.Pref.COOKIE_EXPIRY_TIME);
-		foswiki.Pref.setCookie(foswiki.Pref.FOSWIKI_PREF_COOKIE_NAME,
-                               cookieString, expiryDate, '/', cookieDomain, cookieSecure);
+		foswiki.Pref.setCookie(cookieName,
+                               cookieString, expiryDate, cookiePath, cookieDomain, cookieSecure);
 	},
 
 	/**

diff --git a/UpdatesPlugin/pub/System/UpdatesPlugin/jquery.updates.uncompressed.js b/UpdatesPlugin/pub/System/UpdatesPlugin/jquery.updates.uncompressed.js
@@ -15,7 +15,7 @@
     debug: false,
     delay: 1000, // number of seconds to delay contacting f.o.
     timeout: 5000, // number of seconds a jsonp call is considered failure
-    cookieName: "FOSWIKI_UPDATESPLUGIN", // name of the cookie
+    cookieNameSuffix: "FOSWIKI_UPDATESPLUGIN", // name of the cookie
     cookieExpires: 7, // number of days the cookie takes to expire
     cookieSecure: '0', // If secure cookies are needed (https)
     cookieDomain: ''   // Override domain if requested.
@@ -50,6 +50,7 @@
       self.options.endpointUrl = foswiki.getScriptUrl("rest", "UpdatesPlugin", "check");
     }
 
+    self.options.cookieName   = foswiki.getPreference('COOKIENAMEPREFIX') + self.options.cookieNameSuffix;
     self.options.cookieDomain = foswiki.getPreference('COOKIEREALM'); // Allow domain override
     self.options.cookieSecure = foswiki.getPreference('URLHOST').startsWith('https://');
 

diff --git a/core/lib/Foswiki.spec b/core/lib/Foswiki.spec
@@ -283,6 +283,22 @@ $Foswiki::cfg{Sessions}{IDsInURLs} = 0;
 # If empty, this defaults to the current host.
 $Foswiki::cfg{Sessions}{CookieRealm} = '';
 
+# **STRING 20 LABEL="Cookie Path" EXPERT DISPLAY_IF="{UseClientSessions}" CHECK="undefok emptyok iff:'{UseClientSessions}'"**
+# By default, the foswiki cookies live at the root of the path.  If foswiki shares
+# with other applications on the web server, it may be useful to set this to =/foswiki=
+# or another path appropriate for your site.
+#
+# If empty, the cookie will be at the '/' root.
+$Foswiki::cfg{Sessions}{CookiePath} = '/';
+
+# **STRING 20 LABEL="Cookie Name Prefix" EXPERT DISPLAY_IF="{UseClientSessions}" CHECK="undefok emptyok iff:'{UseClientSessions}'"**
+# With multiple Foswiki installations on the same host, it may be necessary to use unique names
+# for the cookies to avoid collisions.  This is especially true if the CookieRealm has been 
+# configured as a wildcard domain.
+#
+# If empty, no prefix is added.
+$Foswiki::cfg{Sessions}{CookieNamePrefix} = '';
+
 # **BOOLEAN LABEL="Use IP Matching" DISPLAY_IF="{UseClientSessions}" CHECK="iff:'{UseClientSessions}'" EXPERT**
 # Enable this option to prevent a session from being accessed by
 # more than one IP Address. This gives some protection against session

diff --git a/core/lib/Foswiki/LoginManager.pm b/core/lib/Foswiki/LoginManager.pm
@@ -122,6 +122,10 @@ sub makeLoginManager {
         else {
             $sessionname = 'FOSWIKISID';
         }
+        if ( $Foswiki::cfg{Sessions}{CookieNamePrefix} ) {
+            $sessionname =
+              $Foswiki::cfg{Sessions}{CookieNamePrefix} . $sessionname;
+        }
         if ( $Foswiki::LoginManager::Session::VERSION eq '4.10' ) {
 
             # 4.10 is broken; see Item1989
@@ -1126,7 +1130,7 @@ sub _addSessionCookieToResponse {
     my $cookie = CGI::Cookie->new(
         -name     => $Foswiki::LoginManager::Session::NAME,
         -value    => $this->{_cgisession}->id(),
-        -path     => '/',
+        -path     => $Foswiki::cfg{Sessions}{CookiePath} || '/',
         -domain   => $Foswiki::cfg{Sessions}{CookieRealm} || '',
         -httponly => 1,
         -secure   => $this->{session}->{request}->secure,
@@ -1160,7 +1164,7 @@ sub _delSessionCookieFromResponse {
     my $cookie = CGI::Cookie->new(
         -name     => $Foswiki::LoginManager::Session::NAME,
         -value    => '',
-        -path     => '/',
+        -path     => $Foswiki::cfg{Sessions}{CookiePath} || '/',
         -domain   => $Foswiki::cfg{Sessions}{CookieRealm} || '',
         -httponly => 1,
         -secure   => $this->{session}->{request}->secure,

diff --git a/core/lib/Foswiki/Validation.pm b/core/lib/Foswiki/Validation.pm
@@ -62,7 +62,9 @@ use constant TRACE => 0;
 
 # Define cookie name only once
 # WARNING: If you change this, be sure to also change the javascript
-sub _getSecretCookieName { 'FOSWIKISTRIKEONE' }
+sub _getSecretCookieName {
+    ( $Foswiki::cfg{Sessions}{CookieNamePrefix} || '' ) . 'FOSWIKISTRIKEONE';
+}
 
 =begin TML
 
@@ -201,7 +203,7 @@ sub getCookie {
     my $cookie = CGI::Cookie->new(
         -name  => _getSecretCookieName(),
         -value => $secret,
-        -path  => '/',
+        -path  => $Foswiki::cfg{Sessions}{CookiePath} || '/',
         -httponly => 0,    # we *want* JS to be able to read it!
         -domain => $Foswiki::cfg{Sessions}{CookieRealm} || '',
         -secure => $Foswiki::Plugins::SESSION->{request}->secure,