conf/ldap/ldap.env

@@ -7,4 +7,3 @@ LDAP_FILTER="(&)"
 LDAP_UID="cn"
 
 HTTP_HOST=auth.example.com
-COOKIE_DOMAIN=example.com

src/web/helpers/auth.php

@@ -2,32 +2,6 @@
 
 $keys = array();
 
-function get_cookie() {
-	$cookie_name = 'X-LDAP-Auth-Key';
-	if(isset($_COOKIE[$cookie_name])) {
-		return $_COOKIE[$cookie_name];
-	} else {
-		return FALSE;
-	}
-}
-
-function store_cookie($key) {
-	$cookie_name = 'X-LDAP-Auth-Key';
-	$cookie_options = array (
-         'expires' => time() + 60*60*24*30,
-         'path' => '/',
-		 'domain' => getenv("COOKIE_DOMAIN"),
-		 'secure' => true,
-		 'httponly' => true,
-		 'samesite' => 'None'
-    );
-	setcookie(
-		$cookie_name,
-		$key,
-		$cookie_options
-	);
-}
-
 function load_key($key) {
 	$file = "/tmp/$key";
 	if (!file_exists($file))
@@ -60,10 +34,10 @@ function get_random($n)
 }
 
 function key_auth() {
-	$key = get_cookie();
+	if (!isset($_SESSION['auth'])) {
-	if ($key === FALSE) {
 		return FALSE;
 	}
+	$key = $_SESSION['auth'];
 	$data = load_key($key);
 	if ($data === FALSE) {
 		return FALSE;
@@ -81,5 +55,5 @@ function key_auth() {
 function key_new($user) {
 	$key = get_random(128);
 	store_key($key, $user);
-	store_cookie($key);
+	$_SESSION['auth'] = $key;
 }

src/web/index.php

@@ -10,6 +10,15 @@ require($webroot . '/helpers/ldap.php');
 require($webroot . '/helpers/auth.php');
 
 // start session
+session_set_cookie_params(
+	60 * 60 * 24, // lifetime (seconds),
+	'/', // path
+	NULL, // domain,
+	TRUE, // secure,
+	TRUE // http only
+);
+session_start();
+
 function page($file,  $data = array()) {
 	extract($data);
 	$webroot = $GLOBALS['webroot'];
@@ -47,8 +56,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 	if ($_SERVER['REQUEST_URI'] !== '/login') {
 		// we are being forwarded authed
 		// redirect
-		http_response_code(303);
+		http_response_code(301);
-		header("Location: http://$env/login");
+		header("Location: https://$env/login");
 	} else {
 		page('login', array(
 			'title' => 'Login'