added security to browser

git-svn-id: http://biopieces.googlecode.com/svn/trunk@799 74ccb610-7750-0410-82ae-013aeee3265d

diff --git a/www/index.cgi b/www/index.cgi
index 76036aa0d8ee824852971130f86ce2af958c9258..0da25999dfc111cedc77cec42144471291e40dd1 100755 (executable)
--- a/www/index.cgi
+++ b/www/index.cgi
@@ -200,6 +200,7 @@ sub cookie_session
     $session = Maasha::BBrowser::Session::session_restore( "$cookie->{ 'SESSION_DIR' }/sessions.txt" );
 
     $cookie->{ 'PAGE' } = 'login' if not $cookie->{ 'SESSION_ID' };
+    $cookie->{ 'PAGE' } = 'login' if $cookie->{ 'SESSION_ID' } ne $ENV{ 'SSL_SESSION_ID' };
     $cookie->{ 'PAGE' } = 'login' if not exists $session->{ $cookie->{ 'USER' } };
     $cookie->{ 'PAGE' } = 'login' if $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' } ne $cookie->{ 'SESSION_ID' };
 }
@@ -226,7 +227,8 @@ sub cookie_login
         if ( exists $session->{ $cookie->{ 'USER' } } and
              $session->{ $cookie->{ 'USER' } }->{ 'PASSWORD' } eq Digest::MD5::md5_hex( $cookie->{ 'PASSWORD' } ) )
         {
-            $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' } ||= Maasha::BBrowser::Session::session_new();
+            # $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' } ||= Maasha::BBrowser::Session::session_new();
+            $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' }   = $ENV{ 'SSL_SESSION_ID' };
             $session->{ $cookie->{ 'USER' } }->{ 'TIME' }         = Maasha::Common::time_stamp();
 
             $cookie->{ 'SESSION_ID' } = $session->{ $cookie->{ 'USER' } }->{ 'SESSION_ID' };