Forum Discussion
karthik_sriniva
Nimbostratus
NimbostratusSetting HTTP COOkie
Hi,
I am trying to set a HTTP Cookie from AUTH_SUCCESS event and I get the following error
[command is not valid in current event context (AUTH_SUCCESS)] [HTTP::username]
...
I assume you trying to use a cookie to bypass authentication. In this manner, cookie should be set in HTTP_RESPONSE, so client will get it, otherwise HTTP server just would throw it away.
Here is a sample rule you can take a look. It is in database. Certainly, you can have it done in your own style.
when CLIENT_ACCEPTED {
set authinsck 0
set forceauth 1
set ckname BIGXAUTH
set ckpass 1xxx5678
set ckvalue [IP::client_addr]
set ckdomain .y.z
set asid [AUTH::start pam default_radius]
}
when HTTP_REQUEST {
if {[HTTP::cookie exists $ckname]} {
HTTP::cookie decrypt $ckname $ckpass 128
if {[HTTP::cookie value $ckname] eq $ckvalue} {
set forceauth 0
}
HTTP::cookie remove $ckname
}
if {$forceauth eq 1} {
AUTH::username_credential $asid [HTTP::username]
AUTH::password_credential $asid [HTTP::password]
AUTH::authenticate $asid
HTTP::collect
}
}
when HTTP_RESPONSE {
if {$authinsck eq 1} {
HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
HTTP::cookie secure $ckname enable
HTTP::cookie encrypt $ckname $ckpass 128
}
}
when AUTH_SUCCESS {
if {$asid eq [AUTH::last_event_session_id]} {
set authinsck 1
HTTP::release
}
}
when AUTH_FAILURE {
if {$asid eq [AUTH::last_event_session_id]} {
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
}
}
when AUTH_WANTCREDENTIAL {
if {$asid eq [AUTH::last_event_session_id]} {
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
}
}
when AUTH_ERROR {
if {$asid eq [AUTH::last_event_session_id]} {
HTTP::respond 401
}
}
