Enhanced security logging and debugging in security-procs.tcl
- Updated the internal log procedure to accept multiple arguments (using join) for more flexible logging. - Replace several ns_log calls with ::security::log to standardize logging of session_id, login_cookie, timeout, and other events. - Add additional log statements in critical functions (e.g. sec_handler, sec_setup_session, __ad_verify_signature, and CSRF token handling) to provide better traceability of session allocation, cookie generation, session invalidation, and signature verification. - Improve debug output for CSRF token generation and verification, including logging differences in computed hash values.
Loading ...