Maybe we need a parameter for sessionstart()

mod_harbour is an Apache module that allows to run PRGs directly on the web !!!
Post Reply
User avatar
Otto
Posts: 6396
Joined: Fri Oct 07, 2005 7:07 pm
Has thanked: 8 times
Been thanked: 1 time
Contact:

Maybe we need a parameter for sessionstart()

Post by Otto »

Dear Antonio,

can you tell me please what SetCookie( "_HB_SESSION_", "", 0 ) exactly does?
How long exitst a session with 0 secs. For ever?
I use in mod Harbour for session following code:

Code: Select all | Expand

function SessionStart() // Starts a session
    /*
       Creates the .hb_sessions directory on the temp dir if not already created, creates the session hash table and saves the session id on a cookie.
    */ 
    local cChars := "0123456789ABCDEF"
    local cUUID  := ""
    local cPass  := ""
    local cCookie := GetCookieByKey( "_HB_SESSION_" )
    local hStart := { => }
    local cKey, cDataDesenc, cDataEnc
    local cReturned := .F.
    local nHandle
    
    if cCookie == nil
       for n = 1 to 16
          cUUID += SubStr( cChars, hb_Random( 1, 16 ), 1 )
          cPass += SubStr( cChars, hb_Random( 1, 16 ), 1 )
       next

       if ! hb_DirExists( hb_DirTemp() + ".hb_sessions" )
          hb_DirCreate( hb_DirTemp() + ".hb_sessions" )
       endif
       
       cKey := hb_blowfishKey( cPass )
    
       cDataDesenc = hb_Serialize( hStart )
       cDataEnc = hb_blowfishEncrypt( cKey, cDataDesenc )

       if ( nHandle := FCreate( hb_DirTemp() + ".hb_sessions/" + cUUID + ".ses" ) ) > 0
          hb_MemoWrit( hb_DirTemp() + ".hb_sessions/" + cUUID + ".ses", cDataEnc )
          FClose( nHandle )
       else
          cReturned = .F.
       endif
    
       cCookie = cUUID + ":" + cPass
    
       SetCookie( "_HB_SESSION_", cCookie )
       cReturned = .T.
    endif
 
 return cReturned
 
 //-------------------------------------------------------------------------------------//
It seems to me now that SetCookie( "_HB_SESSION_", cCookie ) which uses

Code: Select all | Expand

function SetCookie( cName, cValue, nSecs, cPath, cDomain, lHttps, lOnlyHttp ) 

   local cCookie := ''
    
   // check parameters
   hb_default( @cName, '' )
   hb_default( @cValue, '' )
   hb_default( @nSecs, 3600 )   // Session will expire in Seconds 60 * 60 = 3600
   hb_default( @cPath, '/' )
   hb_default( @cDomain , '' )
   hb_default( @lHttps, .F. )
   hb_default( @lOnlyHttp, .F. )    
    
   // we build the cookie
   cCookie += cName + '=' + cValue + ';'
   cCookie += 'expires=' + CookieExpires( nSecs ) + ';'
   cCookie += 'path=' + cPath + ';'
   
   if ! Empty( cDomain )
      cCookie += 'domain=' + cDomain + ';'
   endif
        
   // pending logical values for https y OnlyHttp

   // we send the cookie
   AP_HeadersOutSet( "Set-Cookie", cCookie )

return nil

//----------------------------------------------------------------//
defaults to 3600 secs.

Best regards,
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Carles
Posts: 1149
Joined: Fri Feb 10, 2006 2:34 pm
Location: Barcelona
Been thanked: 6 times
Contact:

Re: Maybe we need a parameter for sessionstart()

Post by Carles »

Otto

The third parameter is the duration of the cookie. By default, it is set to 3600 sec. If you specify 0 it doesn't expire or at least it was the purpose.

I think I remember that if you didn't put the "expires=" clause in the cookie function, it didn't expire



C.
Salutacions, saludos, regards

"...programar es fácil, hacer programas es difícil..."

UT Page -> https://carles9000.github.io/
Forum UT -> https://discord.gg/bq8a9yGMWh
Skype -> https://join.skype.com/cnzQg3Kr1dnk
User avatar
Otto
Posts: 6396
Joined: Fri Oct 07, 2005 7:07 pm
Has thanked: 8 times
Been thanked: 1 time
Contact:

Re: Maybe we need a parameter for sessionstart()

Post by Otto »

Hello Carles,
thank you.

I am referring to the session.prg function, specifically the sessionstart() function. The code include the following line to set the cookie:

SetCookie("HB_SESSION", cCookie)

The default duration for the cookie is 3600 seconds.

Best regards,
Otto

/*
sessions.prg - Sessions Engine for mod_harbour
(c) 2020 Lorenzo De Linares Álvarez - lorenzo.linares@icloud.com
Released under MIT Licence. Please use it giving credit to the author of the code.

This module implements sessions on mod_harbour. Sessions are used to save
data on a session hash table. The saved data on the server is encrypted by
a key that it is only stored on the client and is unique for each session.
*/

Code: Select all | Expand

function SessionStart() // Starts a session
    /*
       Creates the .hb_sessions directory on the temp dir if not already created, creates the session hash table and saves the session id on a cookie.
    */ 
    local cChars := "0123456789ABCDEF"
    local cUUID  := ""
    local cPass  := ""
    local cCookie := GetCookieByKey( "_HB_SESSION_" )
    local hStart := { => }
    local cKey, cDataDesenc, cDataEnc
    local cReturned := .F.
    local nHandle
    logline('SessionStart','test')
    if cCookie == nil
       for n = 1 to 16
          cUUID += SubStr( cChars, hb_Random( 1, 16 ), 1 )
          cPass += SubStr( cChars, hb_Random( 1, 16 ), 1 )
       next

       if ! hb_DirExists( hb_DirTemp() + ".hb_sessions" )
          hb_DirCreate( hb_DirTemp() + ".hb_sessions" )
       endif
       
       cKey := hb_blowfishKey( cPass )
    
       cDataDesenc = hb_Serialize( hStart )
       cDataEnc = hb_blowfishEncrypt( cKey, cDataDesenc )

       if ( nHandle := FCreate( hb_DirTemp() + ".hb_sessions/" + cUUID + ".ses" ) ) > 0
          hb_MemoWrit( hb_DirTemp() + ".hb_sessions/" + cUUID + ".ses", cDataEnc )
          FClose( nHandle )
       else
          cReturned = .F.
       endif
    
       cCookie = cUUID + ":" + cPass
    
       SetCookie( "_HB_SESSION_", cCookie )
       logline("setcookie", '72000' )
       cReturned = .T.
    endif
 
 return cReturned
 
 //-------------------------------------------------------------------------------------//
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
Post Reply