view tests/cookieSec.ur @ 2071:739172204214

Introduce recv timeout controlled by '-T' option in http.c This should prevent a DDoS attack where attacker and keeps the connection open but send no data.
author Sergey Mironov <grrwlf@gmail.com>
date Tue, 02 Sep 2014 17:42:10 +0000
parents f2a2be93331c
children
line wrap: on
line source
table t : {Id : int}

cookie c : int

fun setter r =
    setCookie c (readError r.Id);
    return <xml>Done</xml>

fun writer () =
    ido <- getCookie c;
    case ido of
        None => error <xml>No cookie</xml>
      | Some id => dml (INSERT INTO t (Id) VALUES ({[id]}));
                   return <xml>Done</xml>

fun main () = return <xml><body>
  <form>
    <textbox{#Id}/> <submit value="Get cookie" action={setter}/>
  </form>

  <form>
    <submit value="Write to database" action={writer}/>
  </form>
</body></xml>