damn-vulnerable-web-server/session_manager.cpp at main · snoopysecurity/damn-vulnerable-web-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#include "response_handler.h"  // Include the response handler header, not the source file
#include <iostream>
#include <unordered_map>
#include <string>
#include <ctime>
#include <cstdlib>
#include <cstring>
#include <unistd.h>
#include <sys/socket.h>

// Global map to store session data (for simplicity)
std::unordered_map<std::string, std::string> sessions;  // session_id -> user_data

// Function to generate a unique session ID (using random numbers)
std::string generate_session_id() {
    srand(time(0));
    std::string session_id = "SESSION_" + std::to_string(rand());
    return session_id;
}

void set_session_cookie(int client_socket, const std::string& session_id) {
    std::string cookie_header = "Set-Cookie: session_id=" + session_id + "; HttpOnly; Path=/\r\n";
    std::string response_body = "Session Created";

    send_200_response(client_socket, response_body, cookie_header);
}

std::string get_session_id_from_cookie(const std::string& request) {
    size_t cookie_pos = request.find("Cookie:");
    if (cookie_pos == std::string::npos) {
        return "";
    }

    size_t session_pos = request.find("session_id=", cookie_pos);
    if (session_pos == std::string::npos) {
        return "";
    }

    size_t start = session_pos + strlen("session_id=");
    size_t end = request.find(";", start);
    if (end == std::string::npos) {
        end = request.find("\r\n", start);
    }

    if (end != std::string::npos) {
        return request.substr(start, end - start);
    }

    return "";
}


// Function to set a session cookie (sends a Set-Cookie header to the client)
// This will set the cookie only if it's not already present
std::string set_session_cookie_if_needed(const std::string& request) {
    std::string session_id = get_session_id_from_cookie(request);

    if (session_id.empty()) {
        session_id = generate_session_id();
        sessions[session_id] = "default_user_data";  // Optionally store initial data
        return "Set-Cookie: session_id=" + session_id + "; HttpOnly; Path=/\r\n";
    }

    return "";  // No cookie needed, already exists
}

// Function to handle session expiration or invalidation (e.g., logout)
void invalidate_session(int client_socket) {
    std::string cookie = "Set-Cookie: session_id=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/\r\n";
    std::string response_body = "Session Expired";
    send_200_response(client_socket, response_body, cookie);  // Using the response handler to send response
}

// Function to check if a session is valid
bool is_valid_session(const std::string& session_id) {
    return sessions.find(session_id) != sessions.end();  // Check if the session_id exists in the map
}

// Function to set session data (like authentication status) for a session ID
void set_session_data(const std::string& session_id, const std::string& data) {
    sessions[session_id] = data;  // Store user data against the session ID
}

// Function to get session data (like authentication status) for a session ID
std::string get_session_data(const std::string& session_id) {
    if (sessions.find(session_id) != sessions.end()) {
        return sessions[session_id];  // Return user data if session exists
    }
    return "";
}