Re: [Cppcms-users] Getting session cookie id upon session creation
Brought to you by:
artyom-beilis
Menu
▾
▴
Re: [Cppcms-users] Getting session cookie id upon session creation
|
From: Artyom <art...@ya...> - 2010-08-05 10:45:57
|
> Is it possible to retrieve the session cookie in another way? At today's API it is possible to do this from client side only, using JavaScript. In order to be able to see response cookies `cppcms::http::response` class should be extended to support it. Quite trivial change. Also you may create your own session backend, but this is BAD idea. > I want to put in my response to the creation of a new session after > login the session id. Why would you do such thing? This is quite bad idea as it has some security issues as this data may leak somehow. The best to keep it withing cookies. Also please note, this is generally should not be session id See <http://art-blog.no-ip.info/wikipp/en/page/cppcms_1x_config#session> This maybe just encrypted or signed session data in cookie and not some kind of id (depending on session backend you are using). > The function get_session_cookie() returns an empty string. You should not use this function as described in the manual as it should be used only from implementations of session backend. Note: get_session_cookie() gives incoming cookie data (i.e. request's cookie) and set_session_cookies() sets outgoing cookie data (i.e. response' cookie) and this cookie is set only after you save session. So, simplest solution is to patch a little http::response for this so it would support retrieving response cookies, not just setting them (generally good thing to be in CppCMS's API), but I would suggest for you to rethink if you really need to have this cookie. Artyom |
