From 6a857005193e789eab09cac34949eb6904451468 Mon Sep 17 00:00:00 2001 From: Jeff Godin Date: Fri, 12 Oct 2012 10:26:23 -0400 Subject: [PATCH] Move to PerlSetVar for shared_ses cookie domain Move from SetEnv to PerlSetVar for shared_ses cookie domain, clean up regex matching of domain. Signed-off-by: Jeff Godin --- Open-ILS/examples/apache/eg_vhost.conf | 4 +++ .../src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm | 29 +++++++++++++--------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/Open-ILS/examples/apache/eg_vhost.conf b/Open-ILS/examples/apache/eg_vhost.conf index 81903c93c1..cb7cffe2a1 100644 --- a/Open-ILS/examples/apache/eg_vhost.conf +++ b/Open-ILS/examples/apache/eg_vhost.conf @@ -565,6 +565,10 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT] PerlSetVar OILSWebWebDir "/openils/var/web" PerlSetVar OILSWebDefaultTemplateExtension "tt2" + # An optional domain-level cookie "shared_ses" which will contain the + # evergreen auth token in addition to the standard "ses" cookie + #PerlSetVar OILSWebSharedSesCookieDomain "example.org" + # Enable Template-Toolkit error debugging messages (apache error log) PerlSetVar OILSWebDebugTemplate "true" diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm index b477481217..45d6ea2344 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm 
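Review bot: The comment added above the commented-out `PerlSetVar OILSWebSharedSesCookieDomain "example.org"` line does not tell an administrator what enabling it exposes: the auth token is then sent to every host under that domain, not only to the catalogue host. I would add a line such as `# Every host under this domain will receive the auth token; enable only if all of them are trusted.` It is also worth stating that the value is a bare domain with no leading dot, because the loader change in this same patch prepends `\.` when it matches the request hostname. The surrounding block of the vhost file starts and ends outside the hunk.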
@@ -436,18 +436,23 @@ sub load_login { ) ]; - if (defined($ENV{shared_ses_domain} && $self->apache->hostname =~ /$ENV{shares_ses_domain}/)) { - push @$cookies, - # an optional domain-shared copy of the auth token, useful for - # some SSO-like environments - $cgi->cookie( - -name => COOKIE_SHARED_SES, - -path => '/', - -domain => $ENV{shared_ses_domain}, - -secure => 1, - -value => $response->{payload}->{authtoken}, - -expires => $login_cookie_expires - ); + if (defined($self->apache->dir_config('OILSWebSharedSesCookieDomain'))) { + my $shared_ses_domain = $self->apache->dir_config('OILSWebSharedSesCookieDomain'); + my $shared_ses_domain_regex = '\.' . $shared_ses_domain . '$'; + + if ($self->apache->hostname =~ /$shared_ses_domain_regex/ { + push @$cookies, + # an optional domain-shared copy of the auth token, useful for + # some SSO-like environments + $cgi->cookie( + -name => COOKIE_SHARED_SES, + -path => '/', + -domain => $shared_ses_domain, + -secure => 1, + -value => $response->{payload}->{authtoken}, + -expires => $login_cookie_expires + ); + } } return $self->generic_redirect( -- 2.11.0
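Review bot: The new inner condition `if ($self->apache->hostname =~ /$shared_ses_domain_regex/ {` is missing its closing parenthesis, so EGCatLoader.pm will not compile as committed. The pattern is also built by plain concatenation, so the dots in a configured value such as "example.org" match any character and `$` still accepts a trailing newline. Because this match decides whether the auth token is copied into a domain-wide cookie, it should be exact: `my $shared_ses_domain_regex = qr/\.\Q$shared_ses_domain\E\z/;` followed by `if ($self->apache->hostname =~ $shared_ses_domain_regex) {`. The shared cookie sets `-secure` but, at least within this hunk, not `-httponly`, which would be worth adding if no client-side script needs to read shared_ses. load_login starts and ends outside the hunk.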