Adding upstream version 2.4.59.upstream/2.4.59upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

5 files changed, 58 insertions, 16 deletions

diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 64e6e4a..fa8d406 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -128,7 +128,7 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
     now = apr_time_now();
 
     if (zz) {
-        /* load the session attibutes */
+        /* load the session attributes */
         rv = ap_run_session_decode(r, zz);
  
         /* having a session we cannot decode is just as good as having
@@ -142,6 +142,7 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
 
        /* invalidate session if session is expired */
         if (zz && zz->expiry && zz->expiry < now) {
+            ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is expired");
             zz = NULL;
         }
     }
@@ -180,6 +181,7 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z)
 {
     if (z) {
         apr_time_t now = apr_time_now();
+        apr_time_t initialExpiry = z->expiry;
         int rv = 0;
 
         session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
@@ -210,6 +212,17 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z)
             z->expiry = now + z->maxage * APR_USEC_PER_SEC;
         } 
 
+        /* don't save if the only change is the expiry by a small amount */
+        if (!z->dirty && dconf->expiry_update_time
+                && (z->expiry - initialExpiry < dconf->expiry_update_time)) {
+            return APR_SUCCESS;
+        }
+
+        /* also don't save sessions that didn't change at all */
+        if (!z->dirty && !z->maxage) {
+            return APR_SUCCESS;
+        }
+
         /* encode the session */
         rv = ap_run_session_encode(r, z);
         if (OK != rv) {
@@ -304,15 +317,17 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
 
 static int identity_count(void *v, const char *key, const char *val)
 {
-    int *count = v;
-    *count += strlen(key) * 3 + strlen(val) * 3 + 1;
+    apr_size_t *count = v;
+
+    *count += strlen(key) * 3 + strlen(val) * 3 + 2;
     return 1;
 }
 
 static int identity_concat(void *v, const char *key, const char *val)
 {
     char *slider = v;
-    int length = strlen(slider);
+    apr_size_t length = strlen(slider);
+
     slider += length;
     if (length) {
         *slider = '&';
@@ -341,9 +356,9 @@ static int identity_concat(void *v, const char *key, const char *val)
  */
 static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
 {
-
     char *buffer = NULL;
-    int length = 0;
+    apr_size_t length = 0;
+
     if (z->expiry) {
         char *expiry = apr_psprintf(z->pool, "%" APR_INT64_T_FMT, z->expiry);
         apr_table_setn(z->entries, SESSION_EXPIRY, expiry);
@@ -392,8 +407,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)
         char *plast = NULL;
         const char *psep = "=";
         char *key = apr_strtok(pair, psep, &plast);
-        char *val = apr_strtok(NULL, psep, &plast);
         if (key && *key) {
+            char *val = apr_strtok(NULL, sep, &plast);
             if (!val || !*val) {
                 apr_table_unset(z->entries, key);
             }
@@ -556,6 +571,10 @@ static void *merge_session_dir_config(apr_pool_t * p, void *basev, void *addv)
     new->env_set = add->env_set || base->env_set;
     new->includes = apr_array_append(p, base->includes, add->includes);
     new->excludes = apr_array_append(p, base->excludes, add->excludes);
+    new->expiry_update_time = (add->expiry_update_set == 0)
+                                ? base->expiry_update_time
+                                : add->expiry_update_time;
+    new->expiry_update_set = add->expiry_update_set || base->expiry_update_set;
 
     return new;
 }
@@ -625,6 +644,21 @@ static const char *add_session_exclude(cmd_parms * cmd, void *dconf, const char
     return NULL;
 }
 
+static const char *
+     set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg)
+{
+    session_dir_conf *conf = dconf;
+
+    conf->expiry_update_time = atoi(arg);
+    if (conf->expiry_update_time < 0) {
+        return "SessionExpiryUpdateInterval must be zero (disable) or a positive value";
+    }
+    conf->expiry_update_time = apr_time_from_sec(conf->expiry_update_time);
+    conf->expiry_update_set = 1;
+
+    return NULL;
+}
+
 
 static const command_rec session_cmds[] =
 {
@@ -640,6 +674,9 @@ static const command_rec session_cmds[] =
                   "URL prefixes to include in the session. Defaults to all URLs"),
     AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG,
                   "URL prefixes to exclude from the session. Defaults to no URLs"),
+    AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF|OR_AUTHCFG,
+                  "time interval for which a session's expiry time may change "
+                  "without having to be rewritten. Zero to disable"),
     {NULL}
 };
 
diff --git a/modules/session/mod_session.h b/modules/session/mod_session.h
index a6dd5e9..bdeb532 100644
--- a/modules/session/mod_session.h
+++ b/modules/session/mod_session.h
@@ -115,6 +115,9 @@ typedef struct {
                                    * URLs included if empty */
     apr_array_header_t *excludes; /* URL prefixes to be excluded. No
                                    * URLs excluded if empty */
+    apr_time_t expiry_update_time; /* seconds the session expiry may change and
+                                    * not have to be rewritten */
+    int expiry_update_set;
 } session_dir_conf;
 
 /**
diff --git a/modules/session/mod_session_cookie.c b/modules/session/mod_session_cookie.c
index a010ee7..36168b7 100644
--- a/modules/session/mod_session_cookie.c
+++ b/modules/session/mod_session_cookie.c
@@ -60,9 +60,6 @@ static apr_status_t session_cookie_save(request_rec * r, session_rec * z)
     session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,
                                                     &session_cookie_module);
 
-    /* don't cache auth protected pages */
-    apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
-
     /* create RFC2109 compliant cookie */
     if (conf->name_set) {
         if (z->encoded && z->encoded[0]) {
@@ -162,6 +159,9 @@ static apr_status_t session_cookie_load(request_rec * r, session_rec ** z)
     /* put the session in the notes so we don't have to parse it again */
     apr_table_setn(m->notes, note, (char *)zz);
 
+    /* don't cache auth protected pages */
+    apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
+
     return OK;
 
 }
diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c
index 996620d..fe39f2c 100644
--- a/modules/session/mod_session_crypto.c
+++ b/modules/session/mod_session_crypto.c
@@ -293,7 +293,7 @@ static apr_status_t encrypt_string(request_rec * r, const apr_crypto_t *f,
             *cipher, APR_MODE_CBC, 1, 4096, f, r->pool);
     if (APR_STATUS_IS_ENOKEY(res)) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01825)
-                "the passphrase '%s' was empty", passphrase);
+                "failure generating key from passphrase");
     }
     if (APR_STATUS_IS_EPADDING(res)) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01826)
@@ -391,6 +391,8 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f,
         return res;
     }
 
+    res = APR_ECRYPT; /* in case we exhaust all passphrases */
+
     /* try each passphrase in turn */
     for (; i < dconf->passphrases->nelts; i++) {
         const char *passphrase = APR_ARRAY_IDX(dconf->passphrases, i, char *);
@@ -415,7 +417,7 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f,
                                     f, r->pool);
         if (APR_STATUS_IS_ENOKEY(res)) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, res, r, APLOGNO(01832)
-                    "the passphrase '%s' was empty", passphrase);
+                    "failure generating key from passphrase");
             continue;
         }
         else if (APR_STATUS_IS_EPADDING(res)) {
diff --git a/modules/session/mod_session_dbd.c b/modules/session/mod_session_dbd.c
index 0be7306..f683da2 100644
--- a/modules/session/mod_session_dbd.c
+++ b/modules/session/mod_session_dbd.c
@@ -245,6 +245,9 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z)
     /* put the session in the notes so we don't have to parse it again */
     apr_table_setn(m->notes, note, (char *)zz);
 
+    /* don't cache pages with a session */
+    apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
+
     return OK;
 
 }
@@ -409,9 +412,6 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
     if (conf->name_set || conf->name2_set) {
         char *oldkey = NULL, *newkey = NULL;
 
-        /* don't cache pages with a session */
-        apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
-
         /* if the session is new or changed, make a new session ID */
         if (z->uuid) {
             oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
@@ -458,7 +458,7 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
     else if (conf->peruser) {
 
         /* don't cache pages with a session */
-        apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
+        apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
 
         if (r->user) {
             ret = dbd_save(r, r->user, r->user, z->encoded, z->expiry);