--- loncom/auth/lonauth.pm	2019/08/01 00:42:34	1.121.2.17
+++ loncom/auth/lonauth.pm	2021/01/04 03:48:29	1.121.2.21
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.121.2.17 2019/08/01 00:42:34 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.21 2021/01/04 03:48:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -40,11 +40,12 @@ use Fcntl qw(:flock);
 use Apache::lonlocal;
 use Apache::File();
 use HTML::Entities;
+use Digest::MD5;
  
 # ------------------------------------------------------------ Successful login
 sub success {
     my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
-	$form) = @_;
+	$form,$cid) = @_;
 
 # ------------------------------------------------------------ Get cookie ready
     my $cookie =
@@ -58,8 +59,9 @@ sub success {
 
 # -------------------------------------------------------------------- Log this
 
+    my $ip = &Apache::lonnet::get_requestor_ip();
     &Apache::lonnet::log($domain,$username,$authhost,
-                         "Login $ENV{'REMOTE_ADDR'}");
+                         "Login $ip");
 
 # ------------------------------------------------- Check for critical messages
 
@@ -70,8 +72,27 @@ sub success {
         }
     }
 
-# ------------------------------------------------------------ Get cookie ready
-    $cookie="lonID=$cookie; path=/; HttpOnly";
+# ------------------------------------------------------------ Get cookies ready
+    my ($securecookie,$defaultcookie);
+    my $ssl = $r->subprocess_env('https');
+    if ($ssl) {
+        $securecookie="lonSID=$cookie; path=/; HttpOnly; secure";
+        my $lonidsdir=$r->dir_config('lonIDsDir');
+        if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) {
+            my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked';
+            if (-e "$lonidsdir/$linkname.id") {
+                unlink("$lonidsdir/$linkname.id");
+            }
+            my $made_symlink = eval { symlink("$lonidsdir/$cookie.id",
+                                              "$lonidsdir/$linkname.id"); 1 };
+            if ($made_symlink) {
+                $defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;";
+                &Apache::lonnet::appenv({'user.linkedenv' => $linkname});
+            }
+        }
+    } else {
+        $defaultcookie = "lonID=$cookie; path=/; HttpOnly;";
+    }
 # -------------------------------------------------------- Menu script and info
     my $destination = $lowerurl;
 
@@ -97,16 +118,26 @@ sub success {
     }
     if (defined($form->{symb})) {
         my $destsymb = $form->{symb};
+        my $encrypted;
+        if ($destsymb =~ m{^/enc/}) {
+            $encrypted = 1;
+            if ($cid) {
+                $destsymb = &Apache::lonenc::unencrypted($destsymb,$cid);
+            }
+        }
         $destination  .= ($destination =~ /\?/) ? '&' : '?';
         if ($destsymb =~ /___/) {
-            # FIXME Need to deal with encrypted symbs and urls as needed.
             my ($map,$resid,$desturl)=split(/___/,$destsymb);
             $desturl = &Apache::lonnet::clutter($desturl);
+            if ($encrypted) {
+                $desturl = &Apache::lonenc::encrypted($desturl,1,$cid);
+                $destsymb = $form->{symb};
+            }
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
             $destination .= 'destinationurl='.$desturl.
                             '&destsymb='.$destsymb;
-        } else {
+        } elsif (!$encrypted) {
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
             $destination .= 'destinationurl='.$destsymb;
         }
@@ -136,7 +167,12 @@ sub success {
 # ------------------------------------------------- Output for successful login
 
     &Apache::loncommon::content_type($r,'text/html');
-    $r->header_out('Set-cookie' => $cookie);
+    if ($securecookie) {
+        $r->headers_out->add('Set-cookie' => $securecookie);
+    }
+    if ($defaultcookie) {
+        $r->headers_out->add('Set-cookie' => $defaultcookie);
+    }
     $r->send_http_header;
 
     my %lt=&Apache::lonlocal::texthash(
@@ -503,6 +539,11 @@ sub handler {
         ($is_balancer,$otherserver) =
             &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'},'login');
         if ($is_balancer) {
+            # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
+            my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
+            if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
+                $otherserver = $found_server;
+            }
             if ($otherserver eq '') {
                 my $lowest_load;
                 ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($form{'udom'});
@@ -535,6 +576,8 @@ sub handler {
             }
             $r->internal_redirect($switchto);
         } else {
+            &Apache::loncommon::content_type($r,'text/html');
+            $r->send_http_header;
             $r->print(&noswitch());
         }
         return OK;
@@ -556,6 +599,8 @@ sub handler {
                 }
                 $r->internal_redirect($switchto);
             } else {
+                &Apache::loncommon::content_type($r,'text/html');
+                $r->send_http_header;
                 $r->print(&noswitch());
             }
             return OK;