we should only send the Set-Cookie header to the browser on the first response after creating a manager session, not on every response (doing so causes the browser to clear any local cookies it may have associated with the session)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@99001 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 11:58:52 +00:00 · 2008-01-17 21:31:56 +00:00
parent fec33edd9d
commit af7670bca8
1 changed files with 6 additions and 2 deletions
--- a/main/manager.c
+++ b/main/manager.c
@@ -2639,6 +2639,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co
 	char *c = workspace;
 	char *retval = NULL;
 	struct ast_variable *v;
+	unsigned int new_session = 0;

 	for (v = params; v; v = v->next) {
 		if (!strcasecmp(v->name, "mansession_id")) {
@@ -2670,6 +2671,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co
 		ast_atomic_fetchadd_int(&s->eventq->usecount, 1);
 		ast_atomic_fetchadd_int(&num_sessions, 1);
 		AST_LIST_UNLOCK(&sessions);
+		new_session = 1;
 	}

 	/* Reset HTTP timeout.  If we're not yet authenticated, keep it extremely short */
@@ -2710,8 +2712,10 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co
 			s->needdestroy = 1;
 		}
 		ast_build_string(&c, &len, "Content-type: text/%s\r\n", contenttype[format]);
-		sprintf(tmp, "%08lx", s->managerid);
-		ast_build_string(&c, &len, "%s\r\n", ast_http_setcookie("mansession_id", tmp, httptimeout, cookie, sizeof(cookie)));
+		if (new_session) {
+			sprintf(tmp, "%08lx", s->managerid);
+			ast_build_string(&c, &len, "%s\r\n", ast_http_setcookie("mansession_id", tmp, httptimeout, cookie, sizeof(cookie)));
+		}
 		if (format == FORMAT_HTML)
 			ast_build_string(&c, &len, "<title>Asterisk&trade; Manager Interface</title>");
 		if (format == FORMAT_XML) {