diff options
| author | Xavier Del Campo Romero <xavi92@disroot.org> | 2026-02-12 15:55:13 +0100 |
|---|---|---|
| committer | Xavier Del Campo Romero <xavi92@disroot.org> | 2026-02-12 16:10:37 +0100 |
| commit | 1b2a52d214d92f543c9e0651f56c3292b23655a5 (patch) | |
| tree | a892b5623895d3a323e982439201488281c08a34 | |
| parent | 424e46f5408776cd36d8258d3cbffa55acf56cc7 (diff) | |
Add optional expiration date to http_cookie_create
So far, libweb had been arbitrarily appending a 1-year expiration date
to all HTTP cookies. While good enough for some contexts, libweb should
allow users to set up their own, if any, so this arbitary decision has
been eventually removed.
| -rw-r--r-- | doc/man3/http_cookie_create.3 | 28 | ||||
| -rw-r--r-- | http.c | 36 | ||||
| -rw-r--r-- | include/libweb/http.h | 4 |
3 files changed, 30 insertions, 38 deletions
diff --git a/doc/man3/http_cookie_create.3 b/doc/man3/http_cookie_create.3 index 3ed78be..c439d91 100644 --- a/doc/man3/http_cookie_create.3 +++ b/doc/man3/http_cookie_create.3 @@ -1,4 +1,4 @@ -.TH HTTP_COOKIE_CREATE 3 2024-08-22 0.4.0 "libweb Library Reference" +.TH HTTP_COOKIE_CREATE 3 2026-02-12 0.6.0 "libweb Library Reference" .SH NAME http_cookie_create \- creates a HTTP/1.1 cookie @@ -8,7 +8,7 @@ http_cookie_create \- creates a HTTP/1.1 cookie .nf #include <libweb/http.h> .P -char *http_cookie_create(const char *\fIkey\fP, const char *\fIvalue\fP); +char *http_cookie_create(const char *\fIkey\fP, const char *\fIvalue\fP, const struct tm *\fIexp\fP); .fi .SH DESCRIPTION @@ -19,7 +19,13 @@ defined by .I key and .IR value , -which are null-terminated strings. +which are null-terminated strings, with an optional expiration date defined by +.IR exp . + +If +.I exp +is a null pointer, no expiration date is set to the cookie, and therefore it +effectively acts as a session cookie. .SH RETURN VALUE On success, a null-terminated string with the newly HTTP/1.1 cookie is @@ -34,11 +40,13 @@ A successful call to with .I ExampleValue as -.I key -and +.IR key , .I ExampleValue as .I value +and +.I exp +pointing to a given calendar time might return a null-terminated string such as the one below: .LP @@ -48,19 +56,11 @@ ExampleHeader=ExampleValue; HttpOnly; Expires Wed, 07 Sep 2023 00:00:00 GMT .EE .in -.SH FUTURE DIRECTIONS - -.I libweb -sets a 1-year expiration date for HTTP cookies due to arbitrary design -limitations. Future versions of this library shall allow a custom -expiration date as an additional parameter to -.IR http_cookie_create (3). - .SH SEE ALSO .BR libweb_http (7). .SH COPYRIGHT -Copyright (C) 2023-2024 libweb contributors +Copyright (C) 2023-2026 libweb contributors .P This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by @@ -2748,29 +2748,11 @@ failure: return ret; } -static int append_expire(struct dynstr *const d) +static int append_expire(struct dynstr *const d, const struct tm *const exp) { - time_t t = time(NULL); - - if (t == (time_t)-1) - { - fprintf(stderr, "%s: time(3): %s\n", __func__, strerror(errno)); - return -1; - } - - t += 365 * 24 * 60 * 60; - - struct tm tm; - - if (!localtime_r(&t, &tm)) - { - fprintf(stderr, "%s: localtime_r(3): %s\n", __func__, strerror(errno)); - return -1; - } - char s[sizeof "Thu, 01 Jan 1970 00:00:00 GMT"]; - if (!strftime(s, sizeof s, "%a, %d %b %Y %H:%M:%S GMT", &tm)) + if (!strftime(s, sizeof s, "%a, %d %b %Y %H:%M:%S GMT", exp)) { fprintf(stderr, "%s: strftime(3) failed\n", __func__); return -1; @@ -2784,15 +2766,23 @@ static int append_expire(struct dynstr *const d) return 0; } -char *http_cookie_create(const char *const key, const char *const value) +char *http_cookie_create(const char *const key, const char *const value, + const struct tm *const exp) { struct dynstr d; dynstr_init(&d); - if (dynstr_append(&d, "%s=%s; HttpOnly; SameSite=Strict", key, value) - || append_expire(&d)) + if (dynstr_append(&d, "%s=%s; HttpOnly; SameSite=Strict", key, value)) + { + fprintf(stderr, "%s: dynstr_append failed\n", __func__); goto failure; + } + else if (exp && append_expire(&d, exp)) + { + fprintf(stderr, "%s: append_expire failed\n", __func__); + goto failure; + } return d.str; diff --git a/include/libweb/http.h b/include/libweb/http.h index dab19df..bd7769e 100644 --- a/include/libweb/http.h +++ b/include/libweb/http.h @@ -4,6 +4,7 @@ #include <stdbool.h> #include <stddef.h> #include <stdio.h> +#include <time.h> struct http_header { @@ -144,7 +145,8 @@ void http_free(struct http_ctx *h); int http_update(struct http_ctx *h, bool *write, bool *close); int http_response_add_header(struct http_response *r, const char *header, const char *value); -char *http_cookie_create(const char *key, const char *value); +char *http_cookie_create(const char *key, const char *value, + const struct tm *exp); char *http_encode_url(const char *url); int http_decode_url(const char *url, bool spaces, char **out); |