summaryrefslogtreecommitdiff
path: root/module
diff options
context:
space:
mode:
Diffstat (limited to 'module')
-rw-r--r--module/mod_auth_singleid.c25
1 files changed, 20 insertions, 5 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 41402ed..65f3342 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -609,27 +609,42 @@ session_load_info (sid_context_t *ctx, request_rec *r)
return NULL;
sig = get_token (r->pool, &value, " ");
- if (!sig || !session_validate_sig (r->pool, sig, value))
+ if (!sig || !session_validate_sig (r->pool, sig, value)) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid signature in cookie: %s", sig ? sig : "");
return NULL;
+ }
/* The version of the session info, only 1 supported for now */
token = get_token (r->pool, &value, " ");
- if (!token || strcmp (token, "2") != 0)
+ if (!token || strcmp (token, "2") != 0) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid version number in cookie: %s", token ? token : "");
return NULL;
+ }
token = get_token (r->pool, &value, " ");
expiry = strtol (token ? token : "x", &end, 10);
- if (*end != '\0')
+ if (*end != '\0') {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid expiry time in cookie: %s", token ? token : "");
return NULL;
+ }
/* Don't let expired sessions be valid */
- if (expiry < time (NULL))
+ if (expiry < time (NULL)) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: cookie has expired");
return NULL;
+ }
/* The identifier */
identifier = get_token (r->pool, &value, " ");
- if (!identifier || !ap_is_url (identifier))
+ if (!identifier || !ap_is_url (identifier)) {
+ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+ "auth-singleid: invalid identifier in cookie: %s", token ? token : "");
return NULL;
+ }
sess = apr_pcalloc (r->pool, sizeof (sid_session_t));
sess->expiry = expiry;