X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=d6d7748a2732a6020675d4833223d0f91504f58b;hb=75b9743b95672218a61811b03433c0ab6e00ec5c;hp=78e31f9f0c4f071ab14d6c7e6c6bf0578d799b84;hpb=e3e7914fe2f59765e5f92371329652a02518928c;p=matches%2FMCTX3420.git
diff --git a/server/login.c b/server/login.c
index 78e31f9..d6d7748 100644
--- a/server/login.c
+++ b/server/login.c
@@ -170,14 +170,18 @@ int Login_LDAP_Bind(const char * uri, const char * dn, const char * pass)
 void Logout_Handler(FCGIContext * context, char * params)
 {
 FCGI_ReleaseControl(context);
- FCGI_AcceptJSON(context, "Logged out", "0");
+ FCGI_SendControlCookie(context, false); //Unset the cookie
+ FCGI_AcceptJSON(context, "Logged out");
 }
 /**
 * Handle a Login Request
 * @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ * NOTE: Care should be taken when using params, as it is
+ * completely unescaped. Do not log or use it without
+ * suitable escaping.
 */
 void Login_Handler(FCGIContext * context, char * params)
 {
@@ -219,7 +223,7 @@ void Login_Handler(FCGIContext * context, char * params)
 case AUTH_LDAP:
 {
- if (strlen(pass) <= 0)
+ if (*pass == '\0')
 {
 FCGI_RejectJSON(context, "No password supplied.");
 return;
@@ -280,7 +284,8 @@ void Login_Handler(FCGIContext * context, char * params)
 {
 FCGI_EscapeText(context->user_name); //Don't break javascript pls
 // Give the user a cookie
- FCGI_AcceptJSON(context, "Logged in", context->control_key);
+ FCGI_SendControlCookie(context, true); //Send the control key
+ FCGI_AcceptJSON(context, "Logged in");
 Log(LOGDEBUG, "Successful authentication for %s", user);
 }
 else
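Review bot: Logout_Handler, whose whole body is in the first hunk, calls `FCGI_ReleaseControl(context)` and clears the cookie with no visible check that the request carries the current control key. If the dispatcher does not verify that before calling the handler, any client that can reach the logout endpoint can end another user's session. I would state the precondition on the handler, e.g. `// Precondition: the caller has already verified that this request holds control`, or add the check here if none exists upstream. Clearing the cookie only affects the browser, so `FCGI_ReleaseControl` also has to invalidate the key on the server; its body is not shown.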
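Review bot: The empty-password test in the `AUTH_LDAP` case of Login_Handler (second hunk) needs a comment saying why it exists, because it is a security control rather than input tidying. An LDAP simple bind with a DN and a zero-length password is treated as an unauthenticated bind, which many directory servers answer with success. Suggested: `// Reject empty passwords: a simple bind with an empty password is an unauthenticated bind and may succeed`. `*pass` is dereferenced just as `strlen(pass)` was, so the check still relies on `pass` being non-NULL when the parameter is missing; its declaration is outside the hunk, so confirm it is initialised to an empty string. Login_Handler starts and ends outside the hunk, and the other cases of the switch are not visible here.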
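Review bot: In the third hunk the success path escapes `context->user_name`, but the following `Log(LOGDEBUG, ...)` still prints `user`, which appears to come from the request parameters that the new doc comment on Login_Handler describes as completely unescaped. If `user` is not the same escaped buffer, a username containing line breaks or control characters can split or forge log entries. Logging the escaped copy, `Log(LOGDEBUG, "Successful authentication for %s", context->user_name);`, avoids that, provided FCGI_EscapeText also neutralises newlines, which is not shown. The control key now travels in a cookie, so FCGI_SendControlCookie (outside this diff) should set `HttpOnly`, and `Secure` when the site is served over TLS. Login_Handler starts and ends outside the hunk.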