luci-base: add support for setting cookie when using non login based authentication (mr available if wanted) #7158

Open
reidar-cederqvist opened this issue Jun 13, 2024 · 1 comment

Comments

@reidar-cederqvist

This is a request to merge a new feature.

Steps to reproduce:

Use ?sid= to log in to a page in LuCI. If you now click on a link, you will no longer be logged in. This is by design.
At work I have made a patch to LuCI that introduces a config option in admin->auth called force_cookie. When this is set to true, LuCI will set the cookie for login, allowing subsequent navigation in the menu to be authenticated with the same sid as the initial page visit.

Actual behavior:

As described above.

Expected behavior:

By default, this would not be turned on but enabled if you add "param:sid" as an auth->method, and set auth->force_cookie = true

Additional Information:

I have a patch already available, but I wanted to check if this would be of interest before creating a merge request.

@mikma
Contributor

mikma commented Sep 6, 2024

I also want to be able to set the sysauth_http(s) cookie, but I want it to use the value of a form parameter. (I have a custom sysauth.ut template that uses the POST method.) I'm using the patch below. (I have made some additional changes that I removed, and I haven't tested the code I posted.)

@@ -911,20 +915,32 @@
 			if (!session && resolved.ctx.auth.login) {
 				let user = http.getenv('HTTP_AUTH_USER');
 				let pass = http.getenv('HTTP_AUTH_PASS');
+				let sysauth = http.formvalue('luci_sysauth');
 
 				if (user == null && pass == null) {
 					user = http.formvalue('luci_username');
 					pass = http.formvalue('luci_password');
 				}
 
+				if (sysauth)
+					session = session_retrieve(sysauth);
+				else 
 				if (user != null && pass != null)
 					session = session_setup(user, pass, resolved.ctx.request_path);
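
Review bot: In the added `if (sysauth) ... else` chain, a request that carries `luci_sysauth` never reaches `session_setup()`, so if `session_retrieve(sysauth)` returns no session (stale or unknown ID), no login is attempted even when `luci_username` and `luci_password` are also supplied. Consider dropping the `else` and guarding the credential path with `if (!session && user != null && pass != null)`. The `else` left alone on its own line with trailing whitespace, followed by `if` on the next line, should be written as `else if` so the chain is not misread. Nothing in the hunk checks the request method or the shape of `luci_sysauth` before the lookup; if `http.formvalue()` also returns query-string parameters, this accepts a session ID from the URL on any route with `auth.login`, so restricting it to POST and validating the value first would be worth adding.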
