diff --git a/resources/tokenisation/minter/token_validate.lua b/resources/tokenisation/minter/token_validate.lua
--- a/resources/tokenisation/minter/token_validate.lua
+++ b/resources/tokenisation/minter/token_validate.lua
#
@@ -32,20 +32,63 @@ local function getPath(str,sep)
#
return str:match("(.*"..sep..")")
#
+local function bakeTokenCookie(name,value,path,expires)
#
+ -- Return a string like
#
+ -- foo=value; Path=/foo/bar/sed; Expires=Jan 1st 2011
#
+ -- Calculate a cookie expiry string
#
+ expiry = ngx.cookie_time(expires)
#
+ -- name comes from something we used to reference a ngx variable, so strip the cookie_ prefix
#
+ local t = {string.sub(name,8), "=", value, "; Path=/", path, "; Expires=", expiry}
#
+ return table.concat(t,'')
#
-- Use same static values as were used to mint the origin token
#
vidpath = getPath(string.sub(ngx.var.uri,2))
#
ip = ngx.var.remote_addr
#
secret = ngx.var.secret
#
+cookiename = sha256.sha256(vidpath)
#
-- ngx.header['X-Tk-Debug'] = 'Validating for ip ' .. ip .. ' and path ' .. vidpath
#
local provided = ngx.var.arg_t
#
local expires = tonumber(ngx.var.arg_e)
#
+-- Token may also exist in a cookie (and if it doesn't were gonna push it there)
#
+-- calc the name as it's derived from the path
#
+cookie_t_name = "cookie_vid_auth_" .. cookiename
#
+cookie_e_name = "cookie_vid_auth_e_" .. cookiename
#
+ -- Check whether a token exists in cookies
#
+ cookie_t = ngx.var[cookie_t_name]
#
+ cookie_e = tonumber(ngx.var[cookie_e_name])
#
+ ngx.header['X-tk-db1'] = 'Cookie t is null'
#
+ if cookie_t == nil or cookie_e == nil
#
+ -- Token not provided at all
#
+ denyaccess('Missing Token')
#
if provided == nil or expires == nil
#
denyaccess('Missing Token')
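Review bot: bakeTokenCookie writes the access token into a cookie that carries only `Path` and `Expires`, so page script can read it and, if any part of the site is served over plain HTTP, it is sent in clear text. Consider ending the table with `"; Expires=", expiry, "; HttpOnly; Secure"` (drop `Secure` only if the content really is served over HTTP). `path` comes from `ngx.var.uri`, which nginx has already percent-decoded, so a `;` in the request path would end the `Path` attribute early; reject or escape such characters before concatenating. `expiry` is assigned without `local` (as are `cookiename`, `cookie_t_name`, `cookie_e_name`, `cookie_t` and `cookie_e`), so it should read `local expiry = ngx.cookie_time(expires)`, and the `X-tk-db1` debug header should not ship. The hunk as shown omits lines (no `then`/`end` is visible), so confirm in the full file that a token taken from `cookie_t`/`cookie_e` goes through the same digest and expiry comparison as `arg_t`/`arg_e`.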
#
@@ -70,5 +113,14 @@ if nowtok ~= provided
#
denyaccess('Token Invalid')
#
+ ckstring = {bakeTokenCookie(cookie_t_name,provided,vidpath,expires),bakeTokenCookie(cookie_e_name,expires,vidpath,expires)}
#
+ ngx.header["Set-Cookie"] = ckstring
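Review bot: The two cookies are built from `provided` and `expires`, which are read from `arg_t` and `arg_e`. If the code not visible on this page lets a request authenticate from the cookie pair alone, both are nil at this point, and `table.concat` in bakeTokenCookie will either raise on the nil slot or stop short. Build the cookies from the values that were actually validated, and skip `Set-Cookie` when the request already presented a valid cookie so the header is not re-sent on every segment request. `ckstring` should be declared as `local ckstring = {...}`. Since `expires` now also sets the cookie lifetime, confirm it is covered by the digest compared against `nowtok`; that computation is outside the hunk.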