Allow custom cookie domain

g0dsCookie · May 17, 2019 · 8b5e90b · 8b5e90b
1 parent 9640fa4
commit 8b5e90b
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -17,6 +17,7 @@ ENV LDAPAUTHD_LOGLEVEL=INFO \
     LDAPAUTHD_PORT=80 \
     LDAPAUTHD_REALM=Authorization\ required \
     LDAPAUTHD_SESSION_STORAGE=memcached \
+    LDAPAUTHD_SESSION_DOMAIN= \
     LDAPAUTHD_SESSION_HOST=sessiondb:11211 \
     LDAPAUTHD_SESSION_TTL=900 \
     LDAP_LOGLEVEL=ERROR \

diff --git a/README.md b/README.md
@@ -80,6 +80,7 @@ Configuration for this daemon is read from the current environment. Available co
 | LDAPAUTHD_USER              | User the daemon should be run with.              | nobody                 |
 | LDAPAUTHD_REALM             | String to set in WWW-Authenticate.               | Authorization required |
 | LDAPAUTHD_SESSION_STORAGE   | Choose session storage backend. Available: memcached | memcached          |
+| LDAPAUTHD_SESSION_DOMAIN    | Set domain for your session cookie.              |                        |
 | LDAPAUTHD_SESSION_HOST      | Host address of your session storage.            | localhost:11211        |
 | LDAPAUTHD_SESSION_TTL       | Maximum TTL for sessions in seconds.             | 900                    |
 | LDAP_LOGLEVEL               | https://ldap3.readthedocs.io/logging.html#logging-detail-level | ERROR    |

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -19,6 +19,8 @@ services:
       #- LDAPAUTHD_REALM=Authorization required
       # Choose session storage backend. Available: memcached
       #- LDAPAUTHD_SESSION_STORAGE=memcached
+      # Set domain for your session cookie.
+      #- LDAPAUTHD_SESSION_DOMAIN=
       # Host address of your session storage.
       #- LDAPAUTHD_SESSION_HOST=sessiondb:11211
       # Maximum TTL for sessions in seconds.

diff --git a/ldapauthd.py b/ldapauthd.py
@@ -315,6 +315,8 @@ def do_GET(self):
 
             cookie = SimpleCookie()
             cookie["_ldapauthd_sess"] = self.session_id
+            if cookie_domain:
+                cookie["_ldapauthd_sess"]["domain"] = cookie_domain
 
             self.send_response(307)
             self.send_header("Set-Cookie", cookie["_ldapauthd_sess"].OutputString())
@@ -385,6 +387,7 @@ def to_lower_dict(data):
     logging.basicConfig(format="%(asctime)-15s %(name)s [%(levelname)s]: %(message)s")
 
     realm = os.getenv("LDAPAUTHD_REALM", "Authorization required")
+    cookie_domain = os.getenv("LDAPAUTHD_SESSION_DOMAIN", None)
 
     sessions = SessionHandlerBase.get_handler()
     sessions.run()