1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
59 /* User Tracking Module (Was mod_cookies.c)
61 * *** IMPORTANT NOTE: This module is not designed to generate
62 * *** cryptographically secure cookies. This means you should not
63 * *** use cookies generated by this module for authentication purposes
65 * This Apache module is designed to track users paths through a site.
66 * It uses the client-side state ("Cookie") protocol developed by Netscape.
67 * It is known to work on most browsers.
69 * Each time a page is requested we look to see if the browser is sending
70 * us a Cookie: header that we previously generated.
72 * If we don't find one then the user hasn't been to this site since
73 * starting their browser or their browser doesn't support cookies. So
74 * we generate a unique Cookie for the transaction and send it back to
75 * the browser (via a "Set-Cookie" header)
76 * Future requests from the same browser should keep the same Cookie line.
78 * By matching up all the requests with the same cookie you can
79 * work out exactly what path a user took through your site. To log
80 * the cookie use the " %{Cookie}n " directive in a custom access log;
82 * Example 1 : If you currently use the standard Log file format (CLF)
83 * and use the command "TransferLog somefilename", add the line
84 * LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n"
85 * to your config file.
87 * Example 2 : If you used to use the old "CookieLog" directive, you
88 * can emulate it by adding the following command to your config file
89 * CustomLog filename "%{Cookie}n \"%r\" %t"
91 * Mark Cox, mjc@apache.org, 6 July 95
93 * This file replaces mod_cookies.c
98 #include "apr_strings.h"
100 #define APR_WANT_STRFUNC
101 #include "apr_want.h"
104 #include "http_config.h"
105 #include "http_core.h"
106 #include "http_request.h"
109 module AP_MODULE_DECLARE_DATA usertrack_module;
130 /* Make Cookie: Now we have to generate something that is going to be
131 * pretty unique. We can base it on the pid, time, hostip */
133 #define COOKIE_NAME "Apache"
135 static void make_cookie(request_rec *r)
137 cookie_log_state *cls = ap_get_module_config(r->server->module_config,
139 /* 1024 == hardcoded constant */
140 char cookiebuf[1024];
142 const char *rname = ap_get_remote_host(r->connection, r->per_dir_config,
144 cookie_dir_rec *dcfg;
146 dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
148 /* XXX: hmm, this should really tie in with mod_unique_id */
149 apr_snprintf(cookiebuf, sizeof(cookiebuf), "%s.%qd", rname, apr_time_now());
153 /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
154 new_cookie = apr_psprintf(r->pool, "%s=%s; path=/",
155 dcfg->cookie_name, cookiebuf);
157 if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) {
159 apr_explode_gmt(&tms, r->request_time
160 + cls->expires * APR_USEC_PER_SEC);
161 new_cookie = apr_psprintf(r->pool,
163 "%.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
164 new_cookie, apr_day_snames[tms.tm_wday],
166 apr_month_snames[tms.tm_mon],
168 tms.tm_hour, tms.tm_min, tms.tm_sec);
171 new_cookie = apr_psprintf(r->pool, "%s; max-age=%d",
172 new_cookie, cls->expires);
176 new_cookie = apr_psprintf(r->pool, "%s=%s; path=/",
177 dcfg->cookie_name, cookiebuf);
179 if (dcfg->cookie_domain != NULL) {
180 new_cookie = apr_pstrcat(r->pool, new_cookie, "; domain=",
182 (dcfg->style == CT_COOKIE2
188 apr_table_setn(r->headers_out,
189 (dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"),
191 apr_table_setn(r->notes, "cookie", apr_pstrdup(r->pool, cookiebuf)); /* log first time */
195 static int spot_cookie(request_rec *r)
197 cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config,
202 if (!dcfg->enabled) {
206 if ((cookie = apr_table_get(r->headers_in,
207 (dcfg->style == CT_COOKIE2
210 if ((value = ap_strstr_c(cookie, dcfg->cookie_name))) {
211 char *cookiebuf, *cookieend;
213 value += strlen(dcfg->cookie_name) + 1; /* Skip over the '=' */
214 cookiebuf = apr_pstrdup(r->pool, value);
215 cookieend = strchr(cookiebuf, ';');
217 *cookieend = '\0'; /* Ignore anything after a ; */
219 /* Set the cookie in a note, for logging */
220 apr_table_setn(r->notes, "cookie", cookiebuf);
222 return DECLINED; /* There's already a cookie, no new one */
225 return OK; /* We set our cookie */
228 static void *make_cookie_log_state(apr_pool_t *p, server_rec *s)
230 cookie_log_state *cls =
231 (cookie_log_state *) apr_palloc(p, sizeof(cookie_log_state));
238 static void *make_cookie_dir(apr_pool_t *p, char *d)
240 cookie_dir_rec *dcfg;
242 dcfg = (cookie_dir_rec *) apr_pcalloc(p, sizeof(cookie_dir_rec));
243 dcfg->cookie_name = COOKIE_NAME;
244 dcfg->cookie_domain = NULL;
245 dcfg->style = CT_UNSET;
250 static const char *set_cookie_enable(cmd_parms *cmd, void *mconfig, int arg)
252 cookie_dir_rec *dcfg = mconfig;
258 static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
261 cookie_log_state *cls;
262 time_t factor, modifier = 0;
266 cls = ap_get_module_config(parms->server->module_config,
268 /* The simple case first - all numbers (we assume) */
269 if (apr_isdigit(arg[0]) && apr_isdigit(arg[strlen(arg) - 1])) {
270 cls->expires = atol(arg);
275 * The harder case - stolen from mod_expires
277 * CookieExpires "[plus] {<num> <type>}*"
280 word = ap_getword_conf(parms->pool, &arg);
281 if (!strncasecmp(word, "plus", 1)) {
282 word = ap_getword_conf(parms->pool, &arg);
285 /* {<num> <type>}* */
288 if (apr_isdigit(word[0]))
291 return "bad expires code, numeric value expected.";
294 word = ap_getword_conf(parms->pool, &arg);
296 return "bad expires code, missing <type>";
299 if (!strncasecmp(word, "years", 1))
300 factor = 60 * 60 * 24 * 365;
301 else if (!strncasecmp(word, "months", 2))
302 factor = 60 * 60 * 24 * 30;
303 else if (!strncasecmp(word, "weeks", 1))
304 factor = 60 * 60 * 24 * 7;
305 else if (!strncasecmp(word, "days", 1))
306 factor = 60 * 60 * 24;
307 else if (!strncasecmp(word, "hours", 1))
309 else if (!strncasecmp(word, "minutes", 2))
311 else if (!strncasecmp(word, "seconds", 1))
314 return "bad expires code, unrecognized type";
316 modifier = modifier + factor * num;
319 word = ap_getword_conf(parms->pool, &arg);
322 cls->expires = modifier;
327 static const char *set_cookie_name(cmd_parms *cmd, void *mconfig,
330 cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
332 dcfg->cookie_name = apr_pstrdup(cmd->pool, name);
337 * Set the value for the 'Domain=' attribute.
339 static const char *set_cookie_domain(cmd_parms *cmd, void *mconfig,
342 cookie_dir_rec *dcfg;
344 dcfg = (cookie_dir_rec *) mconfig;
347 * Apply the restrictions on cookie domain attributes.
349 if (strlen(name) == 0) {
350 return "CookieDomain values may not be null";
352 if (name[0] != '.') {
353 return "CookieDomain values must begin with a dot";
355 if (ap_strchr_c(&name[1], '.') == NULL) {
356 return "CookieDomain values must contain at least one embedded dot";
359 dcfg->cookie_domain = apr_pstrdup(cmd->pool, name);
364 * Make a note of the cookie style we should use.
366 static const char *set_cookie_style(cmd_parms *cmd, void *mconfig,
369 cookie_dir_rec *dcfg;
371 dcfg = (cookie_dir_rec *) mconfig;
373 if (strcasecmp(name, "Netscape") == 0) {
374 dcfg->style = CT_NETSCAPE;
376 else if ((strcasecmp(name, "Cookie") == 0)
377 || (strcasecmp(name, "RFC2109") == 0)) {
378 dcfg->style = CT_COOKIE;
380 else if ((strcasecmp(name, "Cookie2") == 0)
381 || (strcasecmp(name, "RFC2965") == 0)) {
382 dcfg->style = CT_COOKIE2;
385 return apr_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
386 cmd->cmd->name, name);
392 static const command_rec cookie_log_cmds[] = {
393 AP_INIT_TAKE1("CookieExpires", set_cookie_exp, NULL, OR_FILEINFO,
394 "an expiry date code"),
395 AP_INIT_TAKE1("CookieDomain", set_cookie_domain, NULL, OR_FILEINFO,
396 "domain to which this cookie applies"),
397 AP_INIT_TAKE1("CookieStyle", set_cookie_style, NULL, OR_FILEINFO,
398 "'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"),
399 AP_INIT_FLAG("CookieTracking", set_cookie_enable, NULL, OR_FILEINFO,
400 "whether or not to enable cookies"),
401 AP_INIT_TAKE1("CookieName", set_cookie_name, NULL, OR_FILEINFO,
402 "name of the tracking cookie"),
406 static void register_hooks(apr_pool_t *p)
408 ap_hook_fixups(spot_cookie,NULL,NULL,APR_HOOK_MIDDLE);
411 module AP_MODULE_DECLARE_DATA usertrack_module = {
412 STANDARD20_MODULE_STUFF,
413 make_cookie_dir, /* dir config creater */
414 NULL, /* dir merger --- default is to override */
415 make_cookie_log_state, /* server config */
416 NULL, /* merge server configs */
417 cookie_log_cmds, /* command apr_table_t */
418 register_hooks /* register hooks */