diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:26 +0000 |
commit | 7b31d4f4901cdb89a79f2f7de4a6b8bb637b523b (patch) | |
tree | fdeb0b5ff80273f95ce61607fc3613dff0b9a235 /modules/session | |
parent | Adding upstream version 2.4.38. (diff) | |
download | apache2-upstream.tar.xz apache2-upstream.zip |
Adding upstream version 2.4.59.upstream/2.4.59upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | modules/session/mod_session.c | 51 | ||||
-rw-r--r-- | modules/session/mod_session.h | 3 | ||||
-rw-r--r-- | modules/session/mod_session_cookie.c | 6 | ||||
-rw-r--r-- | modules/session/mod_session_crypto.c | 6 | ||||
-rw-r--r-- | modules/session/mod_session_dbd.c | 8 |
5 files changed, 58 insertions, 16 deletions
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c index 64e6e4a..fa8d406 100644 --- a/modules/session/mod_session.c +++ b/modules/session/mod_session.c @@ -128,7 +128,7 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z) now = apr_time_now(); if (zz) { - /* load the session attibutes */ + /* load the session attributes */ rv = ap_run_session_decode(r, zz); /* having a session we cannot decode is just as good as having @@ -142,6 +142,7 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z) /* invalidate session if session is expired */ if (zz && zz->expiry && zz->expiry < now) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is expired"); zz = NULL; } } @@ -180,6 +181,7 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z) { if (z) { apr_time_t now = apr_time_now(); + apr_time_t initialExpiry = z->expiry; int rv = 0; session_dir_conf *dconf = ap_get_module_config(r->per_dir_config, @@ -210,6 +212,17 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z) z->expiry = now + z->maxage * APR_USEC_PER_SEC; } + /* don't save if the only change is the expiry by a small amount */ + if (!z->dirty && dconf->expiry_update_time + && (z->expiry - initialExpiry < dconf->expiry_update_time)) { + return APR_SUCCESS; + } + + /* also don't save sessions that didn't change at all */ + if (!z->dirty && !z->maxage) { + return APR_SUCCESS; + } + /* encode the session */ rv = ap_run_session_encode(r, z); if (OK != rv) { @@ -304,15 +317,17 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z, static int identity_count(void *v, const char *key, const char *val) { - int *count = v; - *count += strlen(key) * 3 + strlen(val) * 3 + 1; + apr_size_t *count = v; + + *count += strlen(key) * 3 + strlen(val) * 3 + 2; return 1; } static int identity_concat(void *v, const char *key, const char *val) { char *slider = v; - int length = strlen(slider); + apr_size_t length = strlen(slider); + slider += length; if (length) { *slider = '&'; @@ -341,9 +356,9 @@ static int identity_concat(void *v, const char *key, const char *val) */ static apr_status_t session_identity_encode(request_rec * r, session_rec * z) { - char *buffer = NULL; - int length = 0; + apr_size_t length = 0; + if (z->expiry) { char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry); apr_table_setn(z->entries, SESSION_EXPIRY, expiry); @@ -392,8 +407,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z) char *plast = NULL; const char *psep = "="; char *key = apr_strtok(pair, psep, &plast); - char *val = apr_strtok(NULL, psep, &plast); if (key && *key) { + char *val = apr_strtok(NULL, sep, &plast); if (!val || !*val) { apr_table_unset(z->entries, key); } @@ -556,6 +571,10 @@ static void *merge_session_dir_config(apr_pool_t * p, void *basev, void *addv) new->env_set = add->env_set || base->env_set; new->includes = apr_array_append(p, base->includes, add->includes); new->excludes = apr_array_append(p, base->excludes, add->excludes); + new->expiry_update_time = (add->expiry_update_set == 0) + ? base->expiry_update_time + : add->expiry_update_time; + new->expiry_update_set = add->expiry_update_set || base->expiry_update_set; return new; } @@ -625,6 +644,21 @@ static const char *add_session_exclude(cmd_parms * cmd, void *dconf, const char return NULL; } +static const char * + set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg) +{ + session_dir_conf *conf = dconf; + + conf->expiry_update_time = atoi(arg); + if (conf->expiry_update_time < 0) { + return "SessionExpiryUpdateInterval must be zero (disable) or a positive value"; + } + conf->expiry_update_time = apr_time_from_sec(conf->expiry_update_time); + conf->expiry_update_set = 1; + + return NULL; +} + static const command_rec session_cmds[] = { @@ -640,6 +674,9 @@ static const command_rec session_cmds[] = "URL prefixes to include in the session. Defaults to all URLs"), AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG, "URL prefixes to exclude from the session. Defaults to no URLs"), + AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF|OR_AUTHCFG, + "time interval for which a session's expiry time may change " + "without having to be rewritten. Zero to disable"), {NULL} }; diff --git a/modules/session/mod_session.h b/modules/session/mod_session.h index a6dd5e9..bdeb532 100644 --- a/modules/session/mod_session.h +++ b/modules/session/mod_session.h @@ -115,6 +115,9 @@ typedef struct { * URLs included if empty */ apr_array_header_t *excludes; /* URL prefixes to be excluded. No * URLs excluded if empty */ + apr_time_t expiry_update_time; /* seconds the session expiry may change and + * not have to be rewritten */ + int expiry_update_set; } session_dir_conf; /** diff --git a/modules/session/mod_session_cookie.c b/modules/session/mod_session_cookie.c index a010ee7..36168b7 100644 --- a/modules/session/mod_session_cookie.c +++ b/modules/session/mod_session_cookie.c @@ -60,9 +60,6 @@ static apr_status_t session_cookie_save(request_rec * r, session_rec * z) session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config, &session_cookie_module); - /* don't cache auth protected pages */ - apr_table_addn(r->headers_out, "Cache-Control", "no-cache"); - /* create RFC2109 compliant cookie */ if (conf->name_set) { if (z->encoded && z->encoded[0]) { @@ -162,6 +159,9 @@ static apr_status_t session_cookie_load(request_rec * r, session_rec ** z) /* put the session in the notes so we don't have to parse it again */ apr_table_setn(m->notes, note, (char *)zz); + /* don't cache auth protected pages */ + apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private"); + return OK; } diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c index 996620d..fe39f2c 100644 --- a/modules/session/mod_session_crypto.c +++ b/modules/session/mod_session_crypto.c @@ -293,7 +293,7 @@ static apr_status_t encrypt_string(request_rec * r, const apr_crypto_t *f, *cipher, APR_MODE_CBC, 1, 4096, f, r->pool); if (APR_STATUS_IS_ENOKEY(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01825) - "the passphrase '%s' was empty", passphrase); + "failure generating key from passphrase"); } if (APR_STATUS_IS_EPADDING(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01826) @@ -391,6 +391,8 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f, return res; } + res = APR_ECRYPT; /* in case we exhaust all passphrases */ + /* try each passphrase in turn */ for (; i < dconf->passphrases->nelts; i++) { const char *passphrase = APR_ARRAY_IDX(dconf->passphrases, i, char *); @@ -415,7 +417,7 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f, f, r->pool); if (APR_STATUS_IS_ENOKEY(res)) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, res, r, APLOGNO(01832) - "the passphrase '%s' was empty", passphrase); + "failure generating key from passphrase"); continue; } else if (APR_STATUS_IS_EPADDING(res)) { diff --git a/modules/session/mod_session_dbd.c b/modules/session/mod_session_dbd.c index 0be7306..f683da2 100644 --- a/modules/session/mod_session_dbd.c +++ b/modules/session/mod_session_dbd.c @@ -245,6 +245,9 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z) /* put the session in the notes so we don't have to parse it again */ apr_table_setn(m->notes, note, (char *)zz); + /* don't cache pages with a session */ + apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private"); + return OK; } @@ -409,9 +412,6 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z) if (conf->name_set || conf->name2_set) { char *oldkey = NULL, *newkey = NULL; - /* don't cache pages with a session */ - apr_table_addn(r->headers_out, "Cache-Control", "no-cache"); - /* if the session is new or changed, make a new session ID */ if (z->uuid) { oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1); @@ -458,7 +458,7 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z) else if (conf->peruser) { /* don't cache pages with a session */ - apr_table_addn(r->headers_out, "Cache-Control", "no-cache"); + apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private"); if (r->user) { ret = dbd_save(r, r->user, r->user, z->encoded, z->expiry); |