MQX Software Solutions中的主题 HTTP Cookies https://community.nxp.com/t5/MQX-Software-Solutions/HTTP-Cookies/m-p/496778#M16072 <HTML><HEAD></HEAD><BODY><P>I thought I would share this to give something back to the community.<BR />I have added support for one time HTTP headers that I use to send cookies to the client and support for reading cookies from received headers.<BR />I am using this for an alternative authentication solution that better fits my needs but it is pretty generic.<BR />The steps are based on the KSDK 1.3 with MQX version of the RTCS. I modified the KSDK / MQX source and then rebuilt the library which is then included in my project.<BR />I have added my name in a comment on the new lines / blocks of code and included small sections of the original surrounding code to help find the locations.</P><P></P><P>1. Add two extra char pointers to the HTTPSRV_SESSION_STRUCT:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568345177851307 jive_text_macro" data-renderedposition="290_50_798_400" jivemacro_uid="_14568345177851307"><P>/* * HTTP session structure */ typedef struct httpsrv_session_struct { &nbsp;&nbsp;&nbsp; HTTPSRV_SES_FUNC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; process_func;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session process function */ &nbsp;&nbsp;&nbsp; HTTPSRV_SES_STATE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; state;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* HTTP session state */ &nbsp;&nbsp;&nbsp; volatile uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; valid;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Any value different than HTTPSRV_SESSION_VALID means session is invalid */ &nbsp;&nbsp;&nbsp; volatile uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sock;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session socket */ &nbsp;&nbsp;&nbsp; volatile uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; time;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session time. Updated when there is some activity in session. Used for timeout detection. */ &nbsp;&nbsp;&nbsp; uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; timeout;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session timeout in ms. timeout_time = time + timeout */ &nbsp;&nbsp;&nbsp; HTTPSRV_BUFF_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; buffer;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session internal read/write buffer */ &nbsp;&nbsp;&nbsp; HTTPSRV_REQ_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Data read from the request */ &nbsp;&nbsp;&nbsp; HTTPSRV_RES_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; response;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Response data */ &nbsp;&nbsp;&nbsp; LWSEM_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; lock;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session lock */ &nbsp;&nbsp;&nbsp; volatile _task_id&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; script_tid;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session script handler */ &nbsp;&nbsp;&nbsp; HTTPSRV_PLUGIN_STRUCT&nbsp;&nbsp;&nbsp; *plugin;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Plugin to be invoked for session. */ &nbsp;&nbsp;&nbsp; WS_HANDSHAKE_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *ws_handshake;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* WebSocket hand-shake */ &nbsp;&nbsp;&nbsp; #if RTCSCFG_ENABLE_SSL &nbsp;&nbsp;&nbsp; uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ssl_sock;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* SSL context handle */ &nbsp;&nbsp;&nbsp; #endif &nbsp;&nbsp;&nbsp; uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; flags;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session flags */ &nbsp;&nbsp;&nbsp; char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; onetimeHTTPHdrs;&nbsp;&nbsp;&nbsp; // Adrian:- Extra headers to be returned to the client for the next transaction &nbsp;&nbsp;&nbsp; char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; recievedCookies;&nbsp;&nbsp;&nbsp; // Adrian:- Cookies received from client } HTTPSRV_SESSION_STRUCT;</P></PRE><P></P><P>In httpsrv_supp.c at the end of httpsrv_sendhdr add the block between the //Adrian comments:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568408123996439 jive_text_macro" data-renderedposition="742_50_798_240" jivemacro_uid="_14568408123996439"><P>&nbsp;&nbsp;&nbsp; /* Handle transfer encoding. */ &nbsp;&nbsp;&nbsp; if (session-&gt;flags &amp; HTTPSRV_FLAG_IS_TRANSCODED) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; httpsrv_print(session, "Transfer-Encoding: chunked\r\n"); &nbsp;&nbsp;&nbsp; }</P><P></P><P>&nbsp;&nbsp;&nbsp; //Adrian &nbsp;&nbsp;&nbsp; if (NULL != session-&gt;onetimeHTTPHdrs) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; httpsrv_print(session, session-&gt;onetimeHTTPHdrs); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; free( session-&gt;onetimeHTTPHdrs ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;onetimeHTTPHdrs = NULL; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; //End Adrian</P><P></P><P>&nbsp;&nbsp;&nbsp; /* End of header */ &nbsp;&nbsp;&nbsp; httpsrv_print(session, "\r\n");</P></PRE><P></P><P>In httpsrv_task.c - httpsrv_ses_alloc add line 27:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568408343283641 jive_text_macro" data-renderedposition="1034_50_798_448" jivemacro_uid="_14568408343283641"><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_set_type(session, MEM_TYPE_HTTPSRV_SESSION_STRUCT); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Alloc URI */ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;request.path = _mem_alloc_zero(server-&gt;params.max_uri + 1); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL == session-&gt;request.path) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto ERROR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_set_type(session-&gt;request.path, MEM_TYPE_HTTPSRV_URI); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Alloc session buffer */ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;buffer.data = _mem_alloc_zero(sizeof(char)*HTTPSRV_SES_BUF_SIZE_PRV); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL == session-&gt;buffer.data) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto ERROR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #if RTCSCFG_ENABLE_SSL &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (server-&gt;ssl_ctx != 0) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;ssl_sock = RTCS_ssl_socket(server-&gt;ssl_ctx, sock); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;ssl_sock == RTCS_ERROR) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto ERROR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #endif</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;onetimeHTTPHdrs = NULL; //Adrian</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P></PRE><P></P><P>In httpsrv_supp.c - httpsrv_req_hdr add the last else if block:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568347258035422 jive_text_macro" data-renderedposition="1534_50_798_608" jivemacro_uid="_14568347258035422"><P>&nbsp;&nbsp;&nbsp; else if (strncmp(buffer, "Cookie: ", 8) == 0) //Adrian:- Cookie support &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr = buffer+8; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL != session-&gt;recievedCookies) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free( session-&gt;recievedCookies ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Allocate memory for cookies plus two NULL characters at the end &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;recievedCookies = _mem_alloc_zero( sizeof(char) * strlen( param_ptr ) + (2 * sizeof(char)) ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;recievedCookies == NULL) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; retval = HTTPSRV_ERR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto EXIT; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Copy to the session buffer and replace all ';' with NULL to separate strings (final entry will have 2 NULL), also remove spaces before cookie name. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char* sessionPtr = session-&gt;recievedCookies; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while (*param_ptr != 0) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (*param_ptr == ';') &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Terminate entry with a NULL in the session buffer &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *sessionPtr = 0; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while (*param_ptr == ' ') &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Skip past space before next cookie name &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Copy the character to the session buffer &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *sessionPtr = *param_ptr; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sessionPtr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; }</P></PRE><P></P><P>In httpsrv_task.c -&nbsp; httpsrv_ses_free add the block between //Adrian:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568348188745094 jive_text_macro" data-renderedposition="2194_50_798_176" jivemacro_uid="_14568348188745094"><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;ws_handshake) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free(session-&gt;ws_handshake); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Adrian &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL != session-&gt;recievedCookies) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free( session-&gt;recievedCookies ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Adrian end</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free(session);</P></PRE><P></P><P>In httpsrv.h near to the end add:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code jive_text_macro _jivemacro_uid_14568349201996472" data-renderedposition="2422_50_798_512" jivemacro_uid="_14568349201996472"><P>//Adrian char* HTTPSRV_GetCookie( uint32_t ses_handle, char* CookieName );</P><P>In httpsrv.c near to the end add:</P><P>//Retrieve the data for the specified cookie. //IN:&nbsp; uint32_t ses_handle - session containing the cookie data // char* Name - the name of the cookie including the '=' // //OUT: char* - pointer to the cookie data or NULL if cookie not found // char* HTTPSRV_GetCookie( uint32_t ses_handle, char* Name ) { &nbsp;&nbsp;&nbsp; HTTPSRV_SESSION_STRUCT* session = (HTTPSRV_SESSION_STRUCT*) ses_handle; &nbsp;&nbsp;&nbsp; if (NULL == session-&gt;recievedCookies) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return NULL; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; char* entry = session-&gt;recievedCookies; &nbsp;&nbsp;&nbsp; uint32_t nameLen = strlen( Name ); &nbsp;&nbsp;&nbsp; while( (*entry != NULL) &amp;&amp; (strncmp( Name, entry, nameLen ) != NULL)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; entry += strlen( entry ) + 1; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; if (*entry == NULL) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Not found &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return NULL; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; return (entry + nameLen); }</P></PRE><P></P><P>To add headers via you code use something like (this adds two cookies called uid and sid during my login cgi call-back):</P><PRE __default_attr="c++" __jive_macro_name="code" class="_jivemacro_uid_14568350800655273 jive_macro_code jive_text_macro" data-renderedposition="2986_50_798_112" jivemacro_uid="_14568350800655273"><P>//Add HTTP header so client stores the user name and password cookies HTTPSRV_SESSION_STRUCT* session = (HTTPSRV_SESSION_STRUCT*)param-&gt;ses_handle; if (NULL == session-&gt;onetimeHTTPHdrs) { &nbsp;&nbsp;&nbsp; session-&gt;onetimeHTTPHdrs = (char*)malloc( 500 ); } sprintf( session-&gt;onetimeHTTPHdrs, "Set-Cookie: uid=%s; Path=/\r\nSet-Cookie: sid=%s; Path=/; HttpOnly\r\n", gActiveEnetUser.UserID, gActiveEnetUser.SessionID );</P></PRE><P></P><P>To get the cookies back use something like during a client request:</P><PRE __default_attr="c++" __jive_macro_name="code" class="_jivemacro_uid_14568387902822738 jive_macro_code jive_text_macro" data-renderedposition="3150_50_798_48" jivemacro_uid="_14568387902822738"><P>//Locate the start of the required cookies in the combined string char* uid = HTTPSRV_GetCookie( ses_handle, "uid=" ); char* sid = HTTPSRV_GetCookie( ses_handle, "sid=" );</P></PRE><P></P><P>I also incorporated a new authentication method that uses the cookies by adding call-back function support to the realm table as follows.</P><P>In httpsrv.h add a new type define and add it to the realm table:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568395080254297 jive_text_macro" data-renderedposition="3302_50_798_208" jivemacro_uid="_14568395080254297"><P>// Adrian:- Call-back authentication call-back prototype typedef int32_t(*HTTPSRV_AUTH_CALLBACK_FN)( uint32_t ses_handle, const char* remote_ip );</P><P>/* ** Authentication realm structure */ typedef struct httpsrv_auth_realm_struct { &nbsp;&nbsp;&nbsp; const char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; name;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Name of realm. Send to client so user know which login/pass should be used. */ &nbsp;&nbsp;&nbsp; const char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; path;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Path to file/directory to protect. Relative to root directory */ &nbsp;&nbsp;&nbsp; const HTTPSRV_AUTH_TYPE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth_type;&nbsp; /* Authentication type to use. */ &nbsp;&nbsp;&nbsp; const HTTPSRV_AUTH_USER_STRUCT* users;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Table of allowed users. */ &nbsp;&nbsp;&nbsp; const HTTPSRV_AUTH_CALLBACK_FN&nbsp; auth_func; // Adrian:- call-back used to authenticate user } HTTPSRV_AUTH_REALM_STRUCT;</P></PRE><P></P><P>In httpsrv_task.c - httpsrv_req_do add the following block:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code jive_text_macro _jivemacro_uid_14568396347598494" data-renderedposition="3562_50_798_512" jivemacro_uid="_14568396347598494"><P>&nbsp;&nbsp;&nbsp; if (session-&gt;response.auth_realm != NULL) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Adrian:- Implement call-back authentication &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL != session-&gt;response.auth_realm-&gt;auth_func) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char remote_ip[RTCS_IP_ADDR_STR_SIZE]; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; struct sockaddr l_address; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; struct sockaddr r_address; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uint16_t length = sizeof(sockaddr); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; getsockname(session-&gt;sock, &amp;l_address, &amp;length); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; getpeername(session-&gt;sock, &amp;r_address, &amp;length); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (l_address.sa_family == AF_INET) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inet_ntop(r_address.sa_family, &amp;((struct sockaddr_in*) &amp;r_address)-&gt;sin_addr.s_addr, remote_ip, sizeof(remote_ip)); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else if (l_address.sa_family == AF_INET6) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inet_ntop(r_address.sa_family, ((struct sockaddr_in6*) &amp;r_address)-&gt;sin6_addr.s6_addr, remote_ip, sizeof(remote_ip)); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;response.status_code = session-&gt;response.auth_realm-&gt;auth_func( (uint32_t)session, remote_ip ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;response.status_code != HTTPSRV_CODE_OK) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;request.auth.user_id != NULL) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free(session-&gt;request.auth.user_id); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;request.auth.user_id = NULL; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;request.auth.password = NULL; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto EXIT; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }//Adrian End &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else if (!httpsrv_check_auth(session-&gt;response.auth_realm, &amp;session-&gt;request.auth))</P></PRE><P></P><P>In my app I only want one user logged in at a time and I have a database of users that is configured dynamically. So I added the call back functions to the table definition as follows:</P><PRE __default_attr="c++" __jive_macro_name="code" class="_jivemacro_uid_14568397114307000 jive_macro_code jive_text_macro" data-renderedposition="4152_50_798_848" jivemacro_uid="_14568397114307000"><P>int32_t auth_Protect( uint32_t ses_handle, const char* remote_ip ); int32_t auth_Admin( uint32_t ses_handle, const char* remote_ip );</P><P>/* * Authentication information. */ static const HTTPSRV_AUTH_REALM_STRUCT auth_realms[] = { &nbsp;&nbsp;&nbsp; { "Users", "protect", HTTPSRV_AUTH_BASIC, NULL, auth_Protect}, &nbsp;&nbsp;&nbsp; { "Admin", "admin", HTTPSRV_AUTH_BASIC, NULL, auth_Admin}, &nbsp;&nbsp;&nbsp; { NULL, NULL, HTTPSRV_AUTH_INVALID, NULL, NULL} /* Array terminator */ };</P><P>int32_t auth_Protect( uint32_t ses_handle, const char* remote_ip ) { &nbsp;&nbsp;&nbsp; if ((gActiveEnetUser.UserID[ 0 ] == 0) || (strcmp( remote_ip, gActiveEnetUser.ClientIP ) != 0)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Either no user logged in or the request is from a different IP source &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; //Locate the required cookies &nbsp;&nbsp;&nbsp; char* uid = HTTPSRV_GetCookie( ses_handle, "uid=" ); &nbsp;&nbsp;&nbsp; char* sid = HTTPSRV_GetCookie( ses_handle, "sid=" ); &nbsp;&nbsp;&nbsp; if ((NULL == uid) || (NULL == sid)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //No user or session id &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp; if ((*uid == 0) || (*sid == 0)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //No user id or session id &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; if ((strcmp( gActiveEnetUser.UserID, uid ) == 0) &amp;&amp;(strcmp( gActiveEnetUser.SessionID, sid ) == 0)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_OK; &nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; }</P><P>int32_t auth_Admin( uint32_t ses_handle, const char* remote_ip ) { &nbsp;&nbsp;&nbsp; int32_t response = auth_Protect( ses_handle, remote_ip ); &nbsp;&nbsp;&nbsp; if (response == HTTPSRV_CODE_OK) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Passed basic authentication so check user permissions &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (gActiveEnetUser.Level &lt; ENET_LEVEL_ADMIN) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; response = HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; return response; }</P></PRE><P></P><P>Hopefully I have remembered all the steps and not missed anything.</P><P></P><P>Best regards,<BR />Adrian</P></BODY></HTML> Tue, 01 Mar 2016 13:49:12 GMT adyr 2016-03-01T13:49:12Z HTTP Cookies https://community.nxp.com/t5/MQX-Software-Solutions/HTTP-Cookies/m-p/496778#M16072 <HTML><HEAD></HEAD><BODY><P>I thought I would share this to give something back to the community.<BR />I have added support for one time HTTP headers that I use to send cookies to the client and support for reading cookies from received headers.<BR />I am using this for an alternative authentication solution that better fits my needs but it is pretty generic.<BR />The steps are based on the KSDK 1.3 with MQX version of the RTCS. I modified the KSDK / MQX source and then rebuilt the library which is then included in my project.<BR />I have added my name in a comment on the new lines / blocks of code and included small sections of the original surrounding code to help find the locations.</P><P></P><P>1. Add two extra char pointers to the HTTPSRV_SESSION_STRUCT:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568345177851307 jive_text_macro" data-renderedposition="290_50_798_400" jivemacro_uid="_14568345177851307"><P>/* * HTTP session structure */ typedef struct httpsrv_session_struct { &nbsp;&nbsp;&nbsp; HTTPSRV_SES_FUNC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; process_func;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session process function */ &nbsp;&nbsp;&nbsp; HTTPSRV_SES_STATE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; state;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* HTTP session state */ &nbsp;&nbsp;&nbsp; volatile uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; valid;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Any value different than HTTPSRV_SESSION_VALID means session is invalid */ &nbsp;&nbsp;&nbsp; volatile uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sock;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session socket */ &nbsp;&nbsp;&nbsp; volatile uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; time;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session time. Updated when there is some activity in session. Used for timeout detection. */ &nbsp;&nbsp;&nbsp; uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; timeout;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session timeout in ms. timeout_time = time + timeout */ &nbsp;&nbsp;&nbsp; HTTPSRV_BUFF_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; buffer;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session internal read/write buffer */ &nbsp;&nbsp;&nbsp; HTTPSRV_REQ_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; request;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Data read from the request */ &nbsp;&nbsp;&nbsp; HTTPSRV_RES_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; response;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Response data */ &nbsp;&nbsp;&nbsp; LWSEM_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; lock;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session lock */ &nbsp;&nbsp;&nbsp; volatile _task_id&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; script_tid;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session script handler */ &nbsp;&nbsp;&nbsp; HTTPSRV_PLUGIN_STRUCT&nbsp;&nbsp;&nbsp; *plugin;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Plugin to be invoked for session. */ &nbsp;&nbsp;&nbsp; WS_HANDSHAKE_STRUCT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *ws_handshake;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* WebSocket hand-shake */ &nbsp;&nbsp;&nbsp; #if RTCSCFG_ENABLE_SSL &nbsp;&nbsp;&nbsp; uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ssl_sock;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* SSL context handle */ &nbsp;&nbsp;&nbsp; #endif &nbsp;&nbsp;&nbsp; uint32_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; flags;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Session flags */ &nbsp;&nbsp;&nbsp; char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; onetimeHTTPHdrs;&nbsp;&nbsp;&nbsp; // Adrian:- Extra headers to be returned to the client for the next transaction &nbsp;&nbsp;&nbsp; char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; recievedCookies;&nbsp;&nbsp;&nbsp; // Adrian:- Cookies received from client } HTTPSRV_SESSION_STRUCT;</P></PRE><P></P><P>In httpsrv_supp.c at the end of httpsrv_sendhdr add the block between the //Adrian comments:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568408123996439 jive_text_macro" data-renderedposition="742_50_798_240" jivemacro_uid="_14568408123996439"><P>&nbsp;&nbsp;&nbsp; /* Handle transfer encoding. */ &nbsp;&nbsp;&nbsp; if (session-&gt;flags &amp; HTTPSRV_FLAG_IS_TRANSCODED) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; httpsrv_print(session, "Transfer-Encoding: chunked\r\n"); &nbsp;&nbsp;&nbsp; }</P><P></P><P>&nbsp;&nbsp;&nbsp; //Adrian &nbsp;&nbsp;&nbsp; if (NULL != session-&gt;onetimeHTTPHdrs) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; httpsrv_print(session, session-&gt;onetimeHTTPHdrs); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; free( session-&gt;onetimeHTTPHdrs ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;onetimeHTTPHdrs = NULL; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; //End Adrian</P><P></P><P>&nbsp;&nbsp;&nbsp; /* End of header */ &nbsp;&nbsp;&nbsp; httpsrv_print(session, "\r\n");</P></PRE><P></P><P>In httpsrv_task.c - httpsrv_ses_alloc add line 27:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568408343283641 jive_text_macro" data-renderedposition="1034_50_798_448" jivemacro_uid="_14568408343283641"><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_set_type(session, MEM_TYPE_HTTPSRV_SESSION_STRUCT); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Alloc URI */ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;request.path = _mem_alloc_zero(server-&gt;params.max_uri + 1); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL == session-&gt;request.path) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto ERROR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_set_type(session-&gt;request.path, MEM_TYPE_HTTPSRV_URI); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Alloc session buffer */ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;buffer.data = _mem_alloc_zero(sizeof(char)*HTTPSRV_SES_BUF_SIZE_PRV); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL == session-&gt;buffer.data) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto ERROR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #if RTCSCFG_ENABLE_SSL &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (server-&gt;ssl_ctx != 0) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;ssl_sock = RTCS_ssl_socket(server-&gt;ssl_ctx, sock); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;ssl_sock == RTCS_ERROR) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto ERROR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #endif</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;onetimeHTTPHdrs = NULL; //Adrian</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P></PRE><P></P><P>In httpsrv_supp.c - httpsrv_req_hdr add the last else if block:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568347258035422 jive_text_macro" data-renderedposition="1534_50_798_608" jivemacro_uid="_14568347258035422"><P>&nbsp;&nbsp;&nbsp; else if (strncmp(buffer, "Cookie: ", 8) == 0) //Adrian:- Cookie support &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr = buffer+8; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL != session-&gt;recievedCookies) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free( session-&gt;recievedCookies ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Allocate memory for cookies plus two NULL characters at the end &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;recievedCookies = _mem_alloc_zero( sizeof(char) * strlen( param_ptr ) + (2 * sizeof(char)) ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;recievedCookies == NULL) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; retval = HTTPSRV_ERR; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto EXIT; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Copy to the session buffer and replace all ';' with NULL to separate strings (final entry will have 2 NULL), also remove spaces before cookie name. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char* sessionPtr = session-&gt;recievedCookies; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while (*param_ptr != 0) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (*param_ptr == ';') &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Terminate entry with a NULL in the session buffer &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *sessionPtr = 0; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; while (*param_ptr == ' ') &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Skip past space before next cookie name &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Copy the character to the session buffer &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *sessionPtr = *param_ptr; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; param_ptr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sessionPtr++; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; }</P></PRE><P></P><P>In httpsrv_task.c -&nbsp; httpsrv_ses_free add the block between //Adrian:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568348188745094 jive_text_macro" data-renderedposition="2194_50_798_176" jivemacro_uid="_14568348188745094"><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;ws_handshake) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free(session-&gt;ws_handshake); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Adrian &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL != session-&gt;recievedCookies) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free( session-&gt;recievedCookies ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Adrian end</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free(session);</P></PRE><P></P><P>In httpsrv.h near to the end add:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code jive_text_macro _jivemacro_uid_14568349201996472" data-renderedposition="2422_50_798_512" jivemacro_uid="_14568349201996472"><P>//Adrian char* HTTPSRV_GetCookie( uint32_t ses_handle, char* CookieName );</P><P>In httpsrv.c near to the end add:</P><P>//Retrieve the data for the specified cookie. //IN:&nbsp; uint32_t ses_handle - session containing the cookie data // char* Name - the name of the cookie including the '=' // //OUT: char* - pointer to the cookie data or NULL if cookie not found // char* HTTPSRV_GetCookie( uint32_t ses_handle, char* Name ) { &nbsp;&nbsp;&nbsp; HTTPSRV_SESSION_STRUCT* session = (HTTPSRV_SESSION_STRUCT*) ses_handle; &nbsp;&nbsp;&nbsp; if (NULL == session-&gt;recievedCookies) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return NULL; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; char* entry = session-&gt;recievedCookies; &nbsp;&nbsp;&nbsp; uint32_t nameLen = strlen( Name ); &nbsp;&nbsp;&nbsp; while( (*entry != NULL) &amp;&amp; (strncmp( Name, entry, nameLen ) != NULL)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; entry += strlen( entry ) + 1; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; if (*entry == NULL) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Not found &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return NULL; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; return (entry + nameLen); }</P></PRE><P></P><P>To add headers via you code use something like (this adds two cookies called uid and sid during my login cgi call-back):</P><PRE __default_attr="c++" __jive_macro_name="code" class="_jivemacro_uid_14568350800655273 jive_macro_code jive_text_macro" data-renderedposition="2986_50_798_112" jivemacro_uid="_14568350800655273"><P>//Add HTTP header so client stores the user name and password cookies HTTPSRV_SESSION_STRUCT* session = (HTTPSRV_SESSION_STRUCT*)param-&gt;ses_handle; if (NULL == session-&gt;onetimeHTTPHdrs) { &nbsp;&nbsp;&nbsp; session-&gt;onetimeHTTPHdrs = (char*)malloc( 500 ); } sprintf( session-&gt;onetimeHTTPHdrs, "Set-Cookie: uid=%s; Path=/\r\nSet-Cookie: sid=%s; Path=/; HttpOnly\r\n", gActiveEnetUser.UserID, gActiveEnetUser.SessionID );</P></PRE><P></P><P>To get the cookies back use something like during a client request:</P><PRE __default_attr="c++" __jive_macro_name="code" class="_jivemacro_uid_14568387902822738 jive_macro_code jive_text_macro" data-renderedposition="3150_50_798_48" jivemacro_uid="_14568387902822738"><P>//Locate the start of the required cookies in the combined string char* uid = HTTPSRV_GetCookie( ses_handle, "uid=" ); char* sid = HTTPSRV_GetCookie( ses_handle, "sid=" );</P></PRE><P></P><P>I also incorporated a new authentication method that uses the cookies by adding call-back function support to the realm table as follows.</P><P>In httpsrv.h add a new type define and add it to the realm table:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code _jivemacro_uid_14568395080254297 jive_text_macro" data-renderedposition="3302_50_798_208" jivemacro_uid="_14568395080254297"><P>// Adrian:- Call-back authentication call-back prototype typedef int32_t(*HTTPSRV_AUTH_CALLBACK_FN)( uint32_t ses_handle, const char* remote_ip );</P><P>/* ** Authentication realm structure */ typedef struct httpsrv_auth_realm_struct { &nbsp;&nbsp;&nbsp; const char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; name;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Name of realm. Send to client so user know which login/pass should be used. */ &nbsp;&nbsp;&nbsp; const char*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; path;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Path to file/directory to protect. Relative to root directory */ &nbsp;&nbsp;&nbsp; const HTTPSRV_AUTH_TYPE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth_type;&nbsp; /* Authentication type to use. */ &nbsp;&nbsp;&nbsp; const HTTPSRV_AUTH_USER_STRUCT* users;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* Table of allowed users. */ &nbsp;&nbsp;&nbsp; const HTTPSRV_AUTH_CALLBACK_FN&nbsp; auth_func; // Adrian:- call-back used to authenticate user } HTTPSRV_AUTH_REALM_STRUCT;</P></PRE><P></P><P>In httpsrv_task.c - httpsrv_req_do add the following block:</P><PRE __default_attr="c++" __jive_macro_name="code" class="jive_macro_code jive_text_macro _jivemacro_uid_14568396347598494" data-renderedposition="3562_50_798_512" jivemacro_uid="_14568396347598494"><P>&nbsp;&nbsp;&nbsp; if (session-&gt;response.auth_realm != NULL) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Adrian:- Implement call-back authentication &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (NULL != session-&gt;response.auth_realm-&gt;auth_func) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; char remote_ip[RTCS_IP_ADDR_STR_SIZE]; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; struct sockaddr l_address; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; struct sockaddr r_address; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uint16_t length = sizeof(sockaddr); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; getsockname(session-&gt;sock, &amp;l_address, &amp;length); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; getpeername(session-&gt;sock, &amp;r_address, &amp;length); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (l_address.sa_family == AF_INET) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inet_ntop(r_address.sa_family, &amp;((struct sockaddr_in*) &amp;r_address)-&gt;sin_addr.s_addr, remote_ip, sizeof(remote_ip)); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else if (l_address.sa_family == AF_INET6) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inet_ntop(r_address.sa_family, ((struct sockaddr_in6*) &amp;r_address)-&gt;sin6_addr.s6_addr, remote_ip, sizeof(remote_ip)); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;response.status_code = session-&gt;response.auth_realm-&gt;auth_func( (uint32_t)session, remote_ip ); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;response.status_code != HTTPSRV_CODE_OK) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (session-&gt;request.auth.user_id != NULL) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; _mem_free(session-&gt;request.auth.user_id); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;request.auth.user_id = NULL; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; session-&gt;request.auth.password = NULL; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; goto EXIT; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }//Adrian End &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else if (!httpsrv_check_auth(session-&gt;response.auth_realm, &amp;session-&gt;request.auth))</P></PRE><P></P><P>In my app I only want one user logged in at a time and I have a database of users that is configured dynamically. So I added the call back functions to the table definition as follows:</P><PRE __default_attr="c++" __jive_macro_name="code" class="_jivemacro_uid_14568397114307000 jive_macro_code jive_text_macro" data-renderedposition="4152_50_798_848" jivemacro_uid="_14568397114307000"><P>int32_t auth_Protect( uint32_t ses_handle, const char* remote_ip ); int32_t auth_Admin( uint32_t ses_handle, const char* remote_ip );</P><P>/* * Authentication information. */ static const HTTPSRV_AUTH_REALM_STRUCT auth_realms[] = { &nbsp;&nbsp;&nbsp; { "Users", "protect", HTTPSRV_AUTH_BASIC, NULL, auth_Protect}, &nbsp;&nbsp;&nbsp; { "Admin", "admin", HTTPSRV_AUTH_BASIC, NULL, auth_Admin}, &nbsp;&nbsp;&nbsp; { NULL, NULL, HTTPSRV_AUTH_INVALID, NULL, NULL} /* Array terminator */ };</P><P>int32_t auth_Protect( uint32_t ses_handle, const char* remote_ip ) { &nbsp;&nbsp;&nbsp; if ((gActiveEnetUser.UserID[ 0 ] == 0) || (strcmp( remote_ip, gActiveEnetUser.ClientIP ) != 0)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Either no user logged in or the request is from a different IP source &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; //Locate the required cookies &nbsp;&nbsp;&nbsp; char* uid = HTTPSRV_GetCookie( ses_handle, "uid=" ); &nbsp;&nbsp;&nbsp; char* sid = HTTPSRV_GetCookie( ses_handle, "sid=" ); &nbsp;&nbsp;&nbsp; if ((NULL == uid) || (NULL == sid)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //No user or session id &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp; if ((*uid == 0) || (*sid == 0)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //No user id or session id &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; if ((strcmp( gActiveEnetUser.UserID, uid ) == 0) &amp;&amp;(strcmp( gActiveEnetUser.SessionID, sid ) == 0)) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_OK; &nbsp;&nbsp;&nbsp; }</P><P>&nbsp;&nbsp;&nbsp; return HTTPSRV_CODE_FORBIDDEN; }</P><P>int32_t auth_Admin( uint32_t ses_handle, const char* remote_ip ) { &nbsp;&nbsp;&nbsp; int32_t response = auth_Protect( ses_handle, remote_ip ); &nbsp;&nbsp;&nbsp; if (response == HTTPSRV_CODE_OK) &nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //Passed basic authentication so check user permissions &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (gActiveEnetUser.Level &lt; ENET_LEVEL_ADMIN) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; response = HTTPSRV_CODE_FORBIDDEN; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp; return response; }</P></PRE><P></P><P>Hopefully I have remembered all the steps and not missed anything.</P><P></P><P>Best regards,<BR />Adrian</P></BODY></HTML> Tue, 01 Mar 2016 13:49:12 GMT https://community.nxp.com/t5/MQX-Software-Solutions/HTTP-Cookies/m-p/496778#M16072 adyr 2016-03-01T13:49:12Z