From 8d1e618dbf5d7bef87757e9e5fe11cca4303b268 Mon Sep 17 00:00:00 2001
From: martinahansen <martinahansen@74ccb610-7750-0410-82ae-013aeee3265d>
Date: Tue, 8 Dec 2009 14:42:36 +0000
Subject: [PATCH] added security to browser

git-svn-id: http://biopieces.googlecode.com/svn/trunk@799 74ccb610-7750-0410-82ae-013aeee3265d
---
 www/index.cgi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/www/index.cgi b/www/index.cgi
index 76036aa..0da2599 100755
--- a/www/index.cgi
+++ b/www/index.cgi
@@ -200,6 +200,7 @@ sub cookie_session
     $session = Maasha::BBrowser::Session::session_restore( "$cookie->{ 'SESSION_DIR' }/sessions.txt" );
 
     $cookie->{ 'PAGE' } = 'login' if not $cookie->{ 'SESSION_ID' };
+    $cookie->{ 'PAGE' } = 'login' if $cookie->{ 'SESSION_ID' } ne $ENV{ 'SSL_SESSION_ID' };
     $cookie->{ 'PAGE' } = 'login' if not exists $session->{ $cookie->{ 'USER' } };
     $cookie->{ 'PAGE' } = 'login' if $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' } ne $cookie->{ 'SESSION_ID' };
 }
@@ -226,7 +227,8 @@ sub cookie_login
         if ( exists $session->{ $cookie->{ 'USER' } } and
              $session->{ $cookie->{ 'USER' } }->{ 'PASSWORD' } eq Digest::MD5::md5_hex( $cookie->{ 'PASSWORD' } ) )
         {
-            $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' } ||= Maasha::BBrowser::Session::session_new();
+            # $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' } ||= Maasha::BBrowser::Session::session_new();
+            $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' }   = $ENV{ 'SSL_SESSION_ID' };
             $session->{ $cookie->{ 'USER' } }->{ 'TIME' }         = Maasha::Common::time_stamp();
 
             $cookie->{ 'SESSION_ID' } = $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' };
-- 
2.39.2