Change Session Cookie name
We have a use case where the GUI sits behind a Apache Tomcat proxy[1].
In this environment the cookie looks like:
```
en-US,en;q=0.9cookie:
JSESSIONIDSSO=4E999D77EF4E01CB72DE63949D5FF830;
CCFWSESSION=48A66EB93C00AD4F6327FB3FC2A338FC; LOGIN_MODE=Dashboard;
XSRF-TOKEN=Ue1La3Ik48Bn5NosyLnJ; SESSION=pCAdqApWt4Kb4IUV9vh8dnt:
```
The bmcweb code thinks the CCFWSESSION= is the SESSION. The bmcweb code
could be made smarter to differentiate "CCFWSESSION" and "SESSION" but
reading SESSION seems too generic of a name and something like
"BMCWEB-SESSION" better matches [2], [3], and [4].
[1]: https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#session_cookie
[3]: https://http.dev/set-cookie
[4]: https://www.geeksforgeeks.org/http-headers-set-cookie/
Tested: The GUI works and this proxy environment now works.
Change-Id: I9b63093c1839e26602fe26313a330e337961cb81
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/include/cookies.hpp b/include/cookies.hpp
index ef76cd6..273871e 100644
--- a/include/cookies.hpp
+++ b/include/cookies.hpp
@@ -17,14 +17,14 @@
"XSRF-TOKEN=" + session.csrfToken +
"; Path=/; SameSite=Strict; Secure");
res.addHeader(boost::beast::http::field::set_cookie,
- "SESSION=" + session.sessionToken +
+ "BMCWEB-SESSION=" + session.sessionToken +
"; Path=/; SameSite=Strict; Secure; HttpOnly");
}
inline void clearSessionCookies(crow::Response& res)
{
res.addHeader(boost::beast::http::field::set_cookie,
- "SESSION="
+ "BMCWEB-SESSION="
"; Path=/; SameSite=Strict; Secure; HttpOnly; "
"expires=Thu, 01 Jan 1970 00:00:00 GMT");
res.addHeader("Clear-Site-Data", R"("cache","cookies","storage")");