feat: 设置SessionCookieNamePrefix (#8071)

* feat: 设置SessionCookieNamePrefix * feat: 设置SessionCookieNamePrefix Co-authored-by: Jiangjie.Bai <bugatti_it@163.com>
2022-04-15 21:33:15 +08:00 · 2022-04-15 21:33:15 +08:00 · a647e73c02
parent 7b02777f1e
commit a647e73c02
3 changed files with 31 additions and 0 deletions
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@ -1,5 +1,7 @@
 from django.shortcuts import redirect, reverse
+from django.utils.deprecation import MiddlewareMixin
 from django.http import HttpResponse
+from django.conf import settings


 class MFAMiddleware:
@ -34,3 +36,15 @@ class MFAMiddleware:

        url = reverse('authentication:login-mfa') + '?_=middleware'
        return redirect(url)
+
+
+class SessionCookieMiddleware(MiddlewareMixin):
+
+    @staticmethod
+    def process_response(request, response: HttpResponse):
+        key = settings.SESSION_COOKIE_NAME_PREFIX_KEY
+        value = settings.SESSION_COOKIE_NAME_PREFIX
+        if request.COOKIES.get(key) == value:
+            return response
+        response.set_cookie(key, value)
+        return response
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@ -157,6 +157,7 @@ class Config(dict):
        'DEFAULT_EXPIRED_YEARS': 70,
        'SESSION_COOKIE_DOMAIN': None,
        'CSRF_COOKIE_DOMAIN': None,
+        'SESSION_COOKIE_NAME_PREFIX': None,
        'SESSION_COOKIE_AGE': 3600 * 24,
        'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
        'LOGIN_URL': reverse_lazy('authentication:login'),
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@ -94,10 +94,12 @@ MIDDLEWARE = [
    'authentication.backends.oidc.middleware.OIDCRefreshIDTokenMiddleware',
    'authentication.backends.cas.middleware.CASMiddleware',
    'authentication.middleware.MFAMiddleware',
+    'authentication.middleware.SessionCookieMiddleware',
    'simple_history.middleware.HistoryRequestMiddleware',
 ]

 ROOT_URLCONF = 'jumpserver.urls'
+
 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
@ -127,6 +129,20 @@ LOGIN_URL = reverse_lazy('authentication:login')

 SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN
 CSRF_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN
+
+# 设置 SESSION_COOKIE_NAME_PREFIX_KEY
+# 解决 不同域 session csrf cookie 获取混乱问题
+SESSION_COOKIE_NAME_PREFIX_KEY = 'SESSION_COOKIE_NAME_PREFIX'
+SESSION_COOKIE_NAME_PREFIX = CONFIG.SESSION_COOKIE_NAME_PREFIX
+if SESSION_COOKIE_NAME_PREFIX is not None:
+    pass
+elif SESSION_COOKIE_DOMAIN is not None:
+    SESSION_COOKIE_NAME_PREFIX = SESSION_COOKIE_DOMAIN.split('.')[0]
+else:
+    SESSION_COOKIE_NAME_PREFIX = 'jms_'
+CSRF_COOKIE_NAME = '{}csrftoken'.format(SESSION_COOKIE_NAME_PREFIX)
+SESSION_COOKIE_NAME = '{}sessionid'.format(SESSION_COOKIE_NAME_PREFIX)
+
 SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 # 自定义的配置，SESSION_EXPIRE_AT_BROWSER_CLOSE 始终为 True, 下面这个来控制是否强制关闭后过期 cookie